what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2005.158

Mandriva Linux Security Advisory 2005.158
Posted Sep 8, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Update Advisory - buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows remote attackers to execute arbitrary code via a video file with an audio header containing a large value in a strf chunk.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
SHA-256 | 7b3e6873b460f03c379d889d6f3bdfa59e23233031a499f5828119f39d23b366

Mandriva Linux Security Advisory 2005.158

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: mplayer
Advisory ID: MDKSA-2005:158
Date: September 6th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows
remote attackers to execute arbitrary code via a video file with an
audio header containing a large value in a strf chunk.

The updated packages have been patched to correct this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2718
http://www.sven-tantau.de/public_files/mplayer/mplayer_20050824.txt
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.1:
250459965c8fc4f42a2769e749e22e81 10.1/RPMS/libdha1.0-1.0-0.pre5.8.2.101mdk.i586.rpm
d8c7750a627e80277fce628e2d1e94c8 10.1/RPMS/libpostproc0-1.0-0.pre5.8.2.101mdk.i586.rpm
5917312b2927d69c316ccfee23fada24 10.1/RPMS/libpostproc0-devel-1.0-0.pre5.8.2.101mdk.i586.rpm
9be25967363cd572adfd36bc4d87b93a 10.1/RPMS/mencoder-1.0-0.pre5.8.2.101mdk.i586.rpm
c80e742412e9d1d350c370b634c246ba 10.1/RPMS/mplayer-1.0-0.pre5.8.2.101mdk.i586.rpm
2b8c578c31cb5ee5973b33af7954d026 10.1/RPMS/mplayer-gui-1.0-0.pre5.8.2.101mdk.i586.rpm
6a2f4fe0b219c835f95a7e0c4947991f 10.1/SRPMS/mplayer-1.0-0.pre5.8.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
250459965c8fc4f42a2769e749e22e81 x86_64/10.1/RPMS/libdha1.0-1.0-0.pre5.8.2.101mdk.i586.rpm
d8c7750a627e80277fce628e2d1e94c8 x86_64/10.1/RPMS/libpostproc0-1.0-0.pre5.8.2.101mdk.i586.rpm
5917312b2927d69c316ccfee23fada24 x86_64/10.1/RPMS/libpostproc0-devel-1.0-0.pre5.8.2.101mdk.i586.rpm
9be25967363cd572adfd36bc4d87b93a x86_64/10.1/RPMS/mencoder-1.0-0.pre5.8.2.101mdk.i586.rpm
c80e742412e9d1d350c370b634c246ba x86_64/10.1/RPMS/mplayer-1.0-0.pre5.8.2.101mdk.i586.rpm
2b8c578c31cb5ee5973b33af7954d026 x86_64/10.1/RPMS/mplayer-gui-1.0-0.pre5.8.2.101mdk.i586.rpm
6a2f4fe0b219c835f95a7e0c4947991f x86_64/10.1/SRPMS/mplayer-1.0-0.pre5.8.2.101mdk.src.rpm

Mandrakelinux 10.2:
de875487b091b75e8f5247df554081cb 10.2/RPMS/libdha1.0-1.0-0.pre6.8.2.102mdk.i586.rpm
a6604d2eb448775983d3b02b3e407fb0 10.2/RPMS/libpostproc0-1.0-0.pre6.8.2.102mdk.i586.rpm
6798646f4d62525901fc7e39b2ed923e 10.2/RPMS/libpostproc0-devel-1.0-0.pre6.8.2.102mdk.i586.rpm
d22348b0c5984578a5943cb7c1f411f3 10.2/RPMS/mencoder-1.0-0.pre6.8.2.102mdk.i586.rpm
4eacc77aa9e231e55c40a0a1175113f9 10.2/RPMS/mplayer-1.0-0.pre6.8.2.102mdk.i586.rpm
b17dc79c2f2f3c7ca1512abde018b069 10.2/RPMS/mplayer-gui-1.0-0.pre6.8.2.102mdk.i586.rpm
956d43071a6e94af9394b5da7fb12a62 10.2/SRPMS/mplayer-1.0-0.pre6.8.2.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
1790a5313459770becf4d56943266bb5 x86_64/10.2/RPMS/lib64postproc0-1.0-0.pre6.8.2.102mdk.x86_64.rpm
360a5c1ccce816edc10f0764ce818784 x86_64/10.2/RPMS/lib64postproc0-devel-1.0-0.pre6.8.2.102mdk.x86_64.rpm
39b2652e9203165fb9c9d44dd75cacdc x86_64/10.2/RPMS/mencoder-1.0-0.pre6.8.2.102mdk.x86_64.rpm
0df3262bbab999f1dbd0710e863c8610 x86_64/10.2/RPMS/mplayer-1.0-0.pre6.8.2.102mdk.x86_64.rpm
760154d8cf96ca552c327610b75c1acf x86_64/10.2/RPMS/mplayer-gui-1.0-0.pre6.8.2.102mdk.x86_64.rpm
956d43071a6e94af9394b5da7fb12a62 x86_64/10.2/SRPMS/mplayer-1.0-0.pre6.8.2.102mdk.src.rpm

Corporate 3.0:
4154fbdaf579fa4999c7d78b21d6cb36 corporate/3.0/RPMS/libdha0.1-1.0-0.pre3.14.3.C30mdk.i586.rpm
4e3754365ee2513295db740ab3cf6cf0 corporate/3.0/RPMS/libpostproc0-1.0-0.pre3.14.3.C30mdk.i586.rpm
15334f63a998240eda3beb3adf8b871c corporate/3.0/RPMS/libpostproc0-devel-1.0-0.pre3.14.3.C30mdk.i586.rpm
f4e09e3a33b59becd4dd034a3cb0dc96 corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.3.C30mdk.i586.rpm
068a5c5e29b7c3d191d553e32d4b5d16 corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.3.C30mdk.i586.rpm
75b97f74726b07e8dbf908ff731c167a corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.3.C30mdk.i586.rpm
063e6e15d3cfa8d859acc33da0e90eee corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
85e34fedb91a68091e37521fe4d1cfa3 x86_64/corporate/3.0/RPMS/lib64postproc0-1.0-0.pre3.14.3.C30mdk.x86_64.rpm
3bfdf357b670cd8dc0b310dfa31adf6b x86_64/corporate/3.0/RPMS/lib64postproc0-devel-1.0-0.pre3.14.3.C30mdk.x86_64.rpm
278616d508bd32dcdf5f4a1f21bd3249 x86_64/corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.3.C30mdk.x86_64.rpm
b7008436842f07451bc9867dd2d30973 x86_64/corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.3.C30mdk.x86_64.rpm
e1b508be67d5f3d0ef42985d02925f45 x86_64/corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.3.C30mdk.x86_64.rpm
063e6e15d3cfa8d859acc33da0e90eee x86_64/corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.3.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDHjD1mqjQ0CJFipgRAsKGAJ0WTDYl1wTz9YWTbcpNRdyBWpqugQCfbMSg
8QKUx6EYlsXEDvWpzu+WLvo=
=lEcU
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    19 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close