MDKSA-2004:157 - Updated mplayer packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: mplayer
Advisory ID: MDKSA-2004:157
Date: December 22nd, 2004
Affected versions: 10.0, 10.1
______________________________________________________________________
Problem Description:
A number of vulnerabilities were discovered in the MPlayer program by
iDEFENSE, Ariel Berkman, and the MPlayer development team. These
vulnerabilities include potential heap overflows in Real RTSP and pnm
streaming code, stack overflows in MMST streaming code, and multiple
buffer overflows in the BMP demuxer and mp3lib code.
The updated packages have been patched to prevent these problems.
_______________________________________________________________________
References:
http://www.idefense.com/application/poi/display?id=168&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=167&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=166&type=vulnerabilities
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
ffdf4b22ac493b3d50c91ea53b3eac95
10.0/RPMS/libdha0.1-1.0-0.pre3.14.100mdk.i586.rpm
0ce288d8301695608bc934e20f3d6ae2
10.0/RPMS/libpostproc0-1.0-0.pre3.14.100mdk.i586.rpm
2e8b0a7d9d7336be095c0e66a5d13551
10.0/RPMS/libpostproc0-devel-1.0-0.pre3.14.100mdk.i586.rpm
df9575c1164860609049f7b980f0d4bb
10.0/RPMS/mencoder-1.0-0.pre3.14.100mdk.i586.rpm
ad63e5f042e446d7d865dd67d8436111
10.0/RPMS/mplayer-1.0-0.pre3.14.100mdk.i586.rpm
87da5dc2082a30bf846463935e9c032c
10.0/RPMS/mplayer-gui-1.0-0.pre3.14.100mdk.i586.rpm
411a086e2fd7a2d6d8115330bfebf8f2
10.0/SRPMS/mplayer-1.0-0.pre3.14.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
496a51acbfb73c9e96f91e65f827460f
amd64/10.0/RPMS/lib64postproc0-1.0-0.pre3.14.100mdk.amd64.rpm
288c38dca2ba88876c5b28805ae5b65b
amd64/10.0/RPMS/lib64postproc0-devel-1.0-0.pre3.14.100mdk.amd64.rpm
32afa85e2ceb44eed56970d95be428e8
amd64/10.0/RPMS/mencoder-1.0-0.pre3.14.100mdk.amd64.rpm
3e7b9191891b2c2b690a85134b1b9d7b
amd64/10.0/RPMS/mplayer-1.0-0.pre3.14.100mdk.amd64.rpm
bd2435043f70e9213ff18a7b862b1aea
amd64/10.0/RPMS/mplayer-gui-1.0-0.pre3.14.100mdk.amd64.rpm
411a086e2fd7a2d6d8115330bfebf8f2
amd64/10.0/SRPMS/mplayer-1.0-0.pre3.14.100mdk.src.rpm
Mandrakelinux 10.1:
67087fd39fc404574765347a674e3d47
10.1/RPMS/libdha1.0-1.0-0.pre5.7.101mdk.i586.rpm
844773d2a6672530b70bb6813fce016e
10.1/RPMS/libpostproc0-1.0-0.pre5.7.101mdk.i586.rpm
1daf2b9c24c8008bbf9c20caa2b33724
10.1/RPMS/libpostproc0-devel-1.0-0.pre5.7.101mdk.i586.rpm
401a9725b7ae5cb52cff9c545aff66e3
10.1/RPMS/mencoder-1.0-0.pre5.7.101mdk.i586.rpm
ac034976bedeb442864518eafa4433a1
10.1/RPMS/mplayer-1.0-0.pre5.7.101mdk.i586.rpm
d9e859d2b707415f7ab47c959338652c
10.1/RPMS/mplayer-gui-1.0-0.pre5.7.101mdk.i586.rpm
a8b9342645993dd59089847aa2151411
10.1/SRPMS/mplayer-1.0-0.pre5.7.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
d2ca93cc253090002c5122b56c7f5c80
x86_64/10.1/RPMS/libdha1.0-1.0-0.pre5.7.101mdk.i586.rpm
eb59719fb7d84fbc18cc4959f1b9c5c9
x86_64/10.1/RPMS/libpostproc0-1.0-0.pre5.7.101mdk.i586.rpm
b0becbdf9766370108a77f6bd65f964e
x86_64/10.1/RPMS/libpostproc0-devel-1.0-0.pre5.7.101mdk.i586.rpm
3dc6189ecffa58e9a8214277a4dd8f3a
x86_64/10.1/RPMS/mencoder-1.0-0.pre5.7.101mdk.i586.rpm
5fa13f95faa4b1158c9936a5d23abfaa
x86_64/10.1/RPMS/mplayer-1.0-0.pre5.7.101mdk.i586.rpm
22a188a5daca20064b5b9c19e8754c2c
x86_64/10.1/RPMS/mplayer-gui-1.0-0.pre5.7.101mdk.i586.rpm
a8b9342645993dd59089847aa2151411
x86_64/10.1/SRPMS/mplayer-1.0-0.pre5.7.101mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFByaXZmqjQ0CJFipgRAiLwAKCSSJzA5d5EP63QazWdm0DSnj7+YACg4785
q4lThbYKEd0RUH5/6dBHT1A=
=cVYr
-----END PGP SIGNATURE-----