what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2005.158

Mandriva Linux Security Advisory 2005.158
Posted Sep 8, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Update Advisory - buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows remote attackers to execute arbitrary code via a video file with an audio header containing a large value in a strf chunk.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
SHA-256 | 7b3e6873b460f03c379d889d6f3bdfa59e23233031a499f5828119f39d23b366
Download | Favorite | View

Mandriva Linux Security Advisory 2005.158

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           mplayer
 Advisory ID:            MDKSA-2005:158
 Date:                   September 6th, 2005

 Affected versions:   10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows
 remote attackers to execute arbitrary code via a video file with an
 audio header containing a large value in a strf chunk.
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2718
  http://www.sven-tantau.de/public_files/mplayer/mplayer_20050824.txt
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 250459965c8fc4f42a2769e749e22e81  10.1/RPMS/libdha1.0-1.0-0.pre5.8.2.101mdk.i586.rpm
 d8c7750a627e80277fce628e2d1e94c8  10.1/RPMS/libpostproc0-1.0-0.pre5.8.2.101mdk.i586.rpm
 5917312b2927d69c316ccfee23fada24  10.1/RPMS/libpostproc0-devel-1.0-0.pre5.8.2.101mdk.i586.rpm
 9be25967363cd572adfd36bc4d87b93a  10.1/RPMS/mencoder-1.0-0.pre5.8.2.101mdk.i586.rpm
 c80e742412e9d1d350c370b634c246ba  10.1/RPMS/mplayer-1.0-0.pre5.8.2.101mdk.i586.rpm
 2b8c578c31cb5ee5973b33af7954d026  10.1/RPMS/mplayer-gui-1.0-0.pre5.8.2.101mdk.i586.rpm
 6a2f4fe0b219c835f95a7e0c4947991f  10.1/SRPMS/mplayer-1.0-0.pre5.8.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 250459965c8fc4f42a2769e749e22e81  x86_64/10.1/RPMS/libdha1.0-1.0-0.pre5.8.2.101mdk.i586.rpm
 d8c7750a627e80277fce628e2d1e94c8  x86_64/10.1/RPMS/libpostproc0-1.0-0.pre5.8.2.101mdk.i586.rpm
 5917312b2927d69c316ccfee23fada24  x86_64/10.1/RPMS/libpostproc0-devel-1.0-0.pre5.8.2.101mdk.i586.rpm
 9be25967363cd572adfd36bc4d87b93a  x86_64/10.1/RPMS/mencoder-1.0-0.pre5.8.2.101mdk.i586.rpm
 c80e742412e9d1d350c370b634c246ba  x86_64/10.1/RPMS/mplayer-1.0-0.pre5.8.2.101mdk.i586.rpm
 2b8c578c31cb5ee5973b33af7954d026  x86_64/10.1/RPMS/mplayer-gui-1.0-0.pre5.8.2.101mdk.i586.rpm
 6a2f4fe0b219c835f95a7e0c4947991f  x86_64/10.1/SRPMS/mplayer-1.0-0.pre5.8.2.101mdk.src.rpm

 Mandrakelinux 10.2:
 de875487b091b75e8f5247df554081cb  10.2/RPMS/libdha1.0-1.0-0.pre6.8.2.102mdk.i586.rpm
 a6604d2eb448775983d3b02b3e407fb0  10.2/RPMS/libpostproc0-1.0-0.pre6.8.2.102mdk.i586.rpm
 6798646f4d62525901fc7e39b2ed923e  10.2/RPMS/libpostproc0-devel-1.0-0.pre6.8.2.102mdk.i586.rpm
 d22348b0c5984578a5943cb7c1f411f3  10.2/RPMS/mencoder-1.0-0.pre6.8.2.102mdk.i586.rpm
 4eacc77aa9e231e55c40a0a1175113f9  10.2/RPMS/mplayer-1.0-0.pre6.8.2.102mdk.i586.rpm
 b17dc79c2f2f3c7ca1512abde018b069  10.2/RPMS/mplayer-gui-1.0-0.pre6.8.2.102mdk.i586.rpm
 956d43071a6e94af9394b5da7fb12a62  10.2/SRPMS/mplayer-1.0-0.pre6.8.2.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 1790a5313459770becf4d56943266bb5  x86_64/10.2/RPMS/lib64postproc0-1.0-0.pre6.8.2.102mdk.x86_64.rpm
 360a5c1ccce816edc10f0764ce818784  x86_64/10.2/RPMS/lib64postproc0-devel-1.0-0.pre6.8.2.102mdk.x86_64.rpm
 39b2652e9203165fb9c9d44dd75cacdc  x86_64/10.2/RPMS/mencoder-1.0-0.pre6.8.2.102mdk.x86_64.rpm
 0df3262bbab999f1dbd0710e863c8610  x86_64/10.2/RPMS/mplayer-1.0-0.pre6.8.2.102mdk.x86_64.rpm
 760154d8cf96ca552c327610b75c1acf  x86_64/10.2/RPMS/mplayer-gui-1.0-0.pre6.8.2.102mdk.x86_64.rpm
 956d43071a6e94af9394b5da7fb12a62  x86_64/10.2/SRPMS/mplayer-1.0-0.pre6.8.2.102mdk.src.rpm

 Corporate 3.0:
 4154fbdaf579fa4999c7d78b21d6cb36  corporate/3.0/RPMS/libdha0.1-1.0-0.pre3.14.3.C30mdk.i586.rpm
 4e3754365ee2513295db740ab3cf6cf0  corporate/3.0/RPMS/libpostproc0-1.0-0.pre3.14.3.C30mdk.i586.rpm
 15334f63a998240eda3beb3adf8b871c  corporate/3.0/RPMS/libpostproc0-devel-1.0-0.pre3.14.3.C30mdk.i586.rpm
 f4e09e3a33b59becd4dd034a3cb0dc96  corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.3.C30mdk.i586.rpm
 068a5c5e29b7c3d191d553e32d4b5d16  corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.3.C30mdk.i586.rpm
 75b97f74726b07e8dbf908ff731c167a  corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.3.C30mdk.i586.rpm
 063e6e15d3cfa8d859acc33da0e90eee  corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 85e34fedb91a68091e37521fe4d1cfa3  x86_64/corporate/3.0/RPMS/lib64postproc0-1.0-0.pre3.14.3.C30mdk.x86_64.rpm
 3bfdf357b670cd8dc0b310dfa31adf6b  x86_64/corporate/3.0/RPMS/lib64postproc0-devel-1.0-0.pre3.14.3.C30mdk.x86_64.rpm
 278616d508bd32dcdf5f4a1f21bd3249  x86_64/corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.3.C30mdk.x86_64.rpm
 b7008436842f07451bc9867dd2d30973  x86_64/corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.3.C30mdk.x86_64.rpm
 e1b508be67d5f3d0ef42985d02925f45  x86_64/corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.3.C30mdk.x86_64.rpm
 063e6e15d3cfa8d859acc33da0e90eee  x86_64/corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.3.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDHjD1mqjQ0CJFipgRAsKGAJ0WTDYl1wTz9YWTbcpNRdyBWpqugQCfbMSg
8QKUx6EYlsXEDvWpzu+WLvo=
=lEcU
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close