<<< Date Index >>>     <<< Thread Index >>>

[ MDKSA-2007:192 ] - Updated mplayer packages fix vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:192
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : mplayer
 Date    : October 1, 2007
 Affected: 2007.0, 2007.1
 _______________________________________________________________________
 
 Problem Description:
 
 A heap-based buffer overflow was found in MPlayer's AVI handling
 that could allow a remote attacker to cause a denial of service or
 possibly execute arbitrary code via a crafted .avi file.
 
 Updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4938
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 664764460655f8fa3ffe837fe1c753c4  
2007.0/i586/libdha1.0-1.0-1.pre8.13.5mdv2007.0.i586.rpm
 92e7649f53c13651062b76f33b093f16  
2007.0/i586/mencoder-1.0-1.pre8.13.5mdv2007.0.i586.rpm
 ea399734d197db1b88a8706ad9bf855a  
2007.0/i586/mplayer-1.0-1.pre8.13.5mdv2007.0.i586.rpm
 9d751d448cf399915dc11233f291bed5  
2007.0/i586/mplayer-gui-1.0-1.pre8.13.5mdv2007.0.i586.rpm 
 c015287479e38ccf22e271b3e97cc3ac  
2007.0/SRPMS/mplayer-1.0-1.pre8.13.5mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 a841c634484003178dbe3edcf04250fb  
2007.0/x86_64/mencoder-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm
 0c59b24ecd8977087b546ad373b5c556  
2007.0/x86_64/mplayer-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm
 8a9e6cd4f9b438470a08f770a6f3faca  
2007.0/x86_64/mplayer-gui-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm 
 c015287479e38ccf22e271b3e97cc3ac  
2007.0/SRPMS/mplayer-1.0-1.pre8.13.5mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 1f9dba71ed8296072bbb29a276b24349  
2007.1/i586/libdha1.0-1.0-1.rc1.11.3mdv2007.1.i586.rpm
 b679aa7cfb01a9173539045c7ae06a42  
2007.1/i586/mencoder-1.0-1.rc1.11.3mdv2007.1.i586.rpm
 518690338f0b044e2e591f9cc49c3eab  
2007.1/i586/mplayer-1.0-1.rc1.11.3mdv2007.1.i586.rpm
 54a46f319a936e2e94c833385dc01b92  
2007.1/i586/mplayer-doc-1.0-1.rc1.11.3mdv2007.1.i586.rpm
 bd9470eb57ee6ced6a9e3358d8d47484  
2007.1/i586/mplayer-gui-1.0-1.rc1.11.3mdv2007.1.i586.rpm 
 3e6887feff803bc3a3efe864842e0679  
2007.1/SRPMS/mplayer-1.0-1.rc1.11.3mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 af0ee01741af03a7a75b6a5289dbca9d  
2007.1/x86_64/mencoder-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm
 0e7e5f18937ebd4a050a683da5116e3e  
2007.1/x86_64/mplayer-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm
 4eeb75257e99b553e90b2c767fce6903  
2007.1/x86_64/mplayer-doc-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm
 2604e564242de95388b4e543624db4dc  
2007.1/x86_64/mplayer-gui-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm 
 3e6887feff803bc3a3efe864842e0679  
2007.1/SRPMS/mplayer-1.0-1.rc1.11.3mdv2007.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHAV4CmqjQ0CJFipgRAhrhAKC9bfRHlSG6+oVGztLTNtG5AfVqgACg21JC
obuu0r4eZMhQuLCVAh4l7Ms=
=WAef
-----END PGP SIGNATURE-----