<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2004:026 - Updated mplayer packages fix remotely exploitable vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           mplayer
 Advisory ID:            MDKSA-2004:026
 Date:                   April 5th, 2004

 Affected versions:      10.0, 9.2
 ______________________________________________________________________

 Problem Description:

 A remotely exploitable buffer overflow vulnerability was found in
 MPlayer.  A malicious host can craft a harmful HTTP header
 ("Location:"), and trick MPlayer into executing arbitrary code upon
 parsing that header.
 
 The updated packages contain a patch from the MPlayer development team
 to correct the problem.
 _______________________________________________________________________

 References:

  http://www.mplayerhq.hu/homepage/design6/news.html
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 134aa1652ff5325837ee0d1dd7062b2f  
10.0/RPMS/libdha0.1-1.0-0.pre3.13.100mdk.i586.rpm
 59d793c4ee7906121ad4c5847d8c48e5  
10.0/RPMS/libpostproc0-1.0-0.pre3.13.100mdk.i586.rpm
 379cfc3fca85254dc9e02e7dcfe3b8a5  
10.0/RPMS/libpostproc0-devel-1.0-0.pre3.13.100mdk.i586.rpm
 3255b8d6b3c07ab7e850291ccf448be4  
10.0/RPMS/mencoder-1.0-0.pre3.13.100mdk.i586.rpm
 8d9d2d1acdc13f45bf4145d57d2d8279  
10.0/RPMS/mplayer-1.0-0.pre3.13.100mdk.i586.rpm
 0326d955c0bd11c1f108c25bd6afec7c  
10.0/RPMS/mplayer-gui-1.0-0.pre3.13.100mdk.i586.rpm
 911e55e683df88c41df9ef9f2b09493f  
10.0/SRPMS/mplayer-1.0-0.pre3.13.100mdk.src.rpm

 Mandrakelinux 9.2:
 d2335a0b3a0309a109db619a3c1247cd  9.2/RPMS/libdha0.1-0.91-8.2.92mdk.i586.rpm
 3f739b2b8da578eec51d6c470d016861  9.2/RPMS/libpostproc0-0.91-8.2.92mdk.i586.rpm
 bea49f0df30a6fc90c08ce7de955ad51  
9.2/RPMS/libpostproc0-devel-0.91-8.2.92mdk.i586.rpm
 fc157454aebde5fc4b40688c920987ff  9.2/RPMS/mencoder-0.91-8.2.92mdk.i586.rpm
 ab6cbd8a28a845d714f5e572dadbd52b  9.2/RPMS/mplayer-0.91-8.2.92mdk.i586.rpm
 18f43c4247b164f9c11dd2a70ab707c5  9.2/RPMS/mplayer-gui-0.91-8.2.92mdk.i586.rpm
 f930e2754ab5d7e284a71f5a9f40cc38  9.2/SRPMS/mplayer-0.91-8.2.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 b48538a9d9183d02d57b21b4b4fa1b02  
amd64/9.2/RPMS/lib64postproc0-0.91-8.2.92mdk.amd64.rpm
 19b0ae1cc45534f2b389059a64fde38c  
amd64/9.2/RPMS/lib64postproc0-devel-0.91-8.2.92mdk.amd64.rpm
 ec3be0bf7521721acf91f863d5af8bbc  
amd64/9.2/RPMS/mencoder-0.91-8.2.92mdk.amd64.rpm
 184a24f4121e7999cc650cb99f18e935  
amd64/9.2/RPMS/mplayer-0.91-8.2.92mdk.amd64.rpm
 e75f2c67e14004edaa204968ad92a134  
amd64/9.2/RPMS/mplayer-gui-0.91-8.2.92mdk.amd64.rpm
 f930e2754ab5d7e284a71f5a9f40cc38  
amd64/9.2/SRPMS/mplayer-0.91-8.2.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to
 update.

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesecure.net/en/advisories/

 Mandrakesoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by
 visiting:

  http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAcepCmqjQ0CJFipgRAhCKAKCi/TErb5NqKNNwb7+TN/c/qIoIRgCgz7RS
cs7U2oyUG5RaPnRM2r6wmfw=
=a96D
-----END PGP SIGNATURE-----