-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2007:112
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mplayer
 Date    : June 4, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0
 _______________________________________________________________________

 Problem Description:

 Buffer overflow in the asmrp_eval function for the Real Media input
 plugin allows remote attackers to cause a denial of service and
 possibly execute arbitrary code via a rulebook with a large number of
 rulematches.

 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6172
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2007.0:
 830fb73b1b7ef7bce6f6f21a44d9e89f  2007.0/i586/libdha1.0-1.0-1.pre8.13.3mdv2007.0.i586.rpm
 0235e5abe7ff905ccbe2623876946915  2007.0/i586/mencoder-1.0-1.pre8.13.3mdv2007.0.i586.rpm
 54faca2a832a87403e4ac4f02b719d9e  2007.0/i586/mplayer-1.0-1.pre8.13.3mdv2007.0.i586.rpm
 3adef91daba9c23859a411e6e7fed99d  2007.0/i586/mplayer-gui-1.0-1.pre8.13.3mdv2007.0.i586.rpm
 77b7d6c6bcaeabeacffc1a67b11783e3  2007.0/SRPMS/mplayer-1.0-1.pre8.13.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 7db8e08bbc3a2a7780b9cb6172372966  2007.0/x86_64/mencoder-1.0-1.pre8.13.3mdv2007.0.x86_64.rpm
 5b94344377c17fc27cc6387c1f8d56dc  2007.0/x86_64/mplayer-1.0-1.pre8.13.3mdv2007.0.x86_64.rpm
 ec5d71b9b1ab30deb6fe717a4361c7ed  2007.0/x86_64/mplayer-gui-1.0-1.pre8.13.3mdv2007.0.x86_64.rpm
 77b7d6c6bcaeabeacffc1a67b11783e3  2007.0/SRPMS/mplayer-1.0-1.pre8.13.3mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 e35f5cf2df21511dc7c1b8b5d95a4936  2007.1/i586/libdha1.0-1.0-1.rc1.11.1mdv2007.1.i586.rpm
 da4702585498a73d5697e55a5e08f834  2007.1/i586/mencoder-1.0-1.rc1.11.1mdv2007.1.i586.rpm
 22be41581519dc8d8e6e1a28472fe35d  2007.1/i586/mplayer-1.0-1.rc1.11.1mdv2007.1.i586.rpm
 76bd7950cd1790bbf3caeaa3de75202a  2007.1/i586/mplayer-doc-1.0-1.rc1.11.1mdv2007.1.i586.rpm
 48cc118f6e33ddc1db7268b7a4436c51  2007.1/i586/mplayer-gui-1.0-1.rc1.11.1mdv2007.1.i586.rpm
 f6328948547b7dcb4c085ce1e959986f  2007.1/SRPMS/mplayer-1.0-1.rc1.11.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 780ef1ea825746d89c0ad855920383fe  2007.1/x86_64/mencoder-1.0-1.rc1.11.1mdv2007.1.x86_64.rpm
 1d338368b9c85ba5b537eab6d7458e26  2007.1/x86_64/mplayer-1.0-1.rc1.11.1mdv2007.1.x86_64.rpm
 274d7330781b618dcf413fda2231615f  2007.1/x86_64/mplayer-doc-1.0-1.rc1.11.1mdv2007.1.x86_64.rpm
 955284559324b44e9e6ddbf60c682d68  2007.1/x86_64/mplayer-gui-1.0-1.rc1.11.1mdv2007.1.x86_64.rpm
 f6328948547b7dcb4c085ce1e959986f  2007.1/SRPMS/mplayer-1.0-1.rc1.11.1mdv2007.1.src.rpm

 Corporate 3.0:
 f1b7f04506edd2f048821aa868f312b0  corporate/3.0/i586/libdha0.1-1.0-0.pre3.14.11.C30mdk.i586.rpm
 4250be5ebe5ccae0f1233343699aa3a9  corporate/3.0/i586/libpostproc0-1.0-0.pre3.14.11.C30mdk.i586.rpm
 9c2ee76860184398988a33347d591fd2  corporate/3.0/i586/libpostproc0-devel-1.0-0.pre3.14.11.C30mdk.i586.rpm
 5d1d7efad438f4c645a9124b6c5a2ac8  corporate/3.0/i586/mencoder-1.0-0.pre3.14.11.C30mdk.i586.rpm
 fdd5ab4e3aefef7ea1f42c2bbf48d860  corporate/3.0/i586/mplayer-1.0-0.pre3.14.11.C30mdk.i586.rpm
 b493e323ce7e94c5728cc2a373c40fc5  corporate/3.0/i586/mplayer-gui-1.0-0.pre3.14.11.C30mdk.i586.rpm
 228c3d1cfdc176ce0ca36af225a15683  corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.11.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 5703a3b6ccd14cd700762f63b9da58ca  corporate/3.0/x86_64/lib64postproc0-1.0-0.pre3.14.11.C30mdk.x86_64.rpm
 16152708c55cd45a374398cb1b0aff1a  corporate/3.0/x86_64/lib64postproc0-devel-1.0-0.pre3.14.11.C30mdk.x86_64.rpm
 2fc00f3155f4f51875b66ae27207c275  corporate/3.0/x86_64/mplayer-1.0-0.pre3.14.11.C30mdk.x86_64.rpm
 152fbb089a239522190c7ec6d1720c46  corporate/3.0/x86_64/mplayer-gui-1.0-0.pre3.14.11.C30mdk.x86_64.rpm
 228c3d1cfdc176ce0ca36af225a15683  corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.11.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGZGKsmqjQ0CJFipgRArfTAJ9R4vCvsq/7/ihChUth5SohCQxQPACfbY+W
GsEyIsiCdItN1JAcODQN35Y=
=ZDrW
-----END PGP SIGNATURE-----
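
The class of bug named under Problem Description, as an added C illustration that is not MPlayer's or Mandriva's code: a rule evaluator records one entry per matching rule in a fixed-size array. The struct, the function names and MATCH_CAP are hypothetical; the bounded form takes the buffer capacity and rejects a rulebook with more matches than the buffer holds.

```c
#include <stddef.h>

/* Constructed stand-in for a parsed rulebook: each rule is reduced to a
 * flag saying whether its condition matched. Not MPlayer's data model. */
struct rule { int matched; };

#define MATCH_CAP 16  /* assumed size of the caller's fixed match buffer */

/* Unbounded form, shown for contrast: one write per matching rule and no
 * capacity check, so a rulebook with more matching rules than the
 * caller's array holds writes past its end. */
int eval_unbounded(const struct rule *rules, size_t nrules, int *matches)
{
    int n = 0;
    for (size_t i = 0; i < nrules; i++)
        if (rules[i].matched)
            matches[n++] = (int)i;
    matches[n] = -1;                      /* list terminator */
    return n;
}

/* Bounded form: the caller passes the buffer capacity, one slot is kept
 * for the terminator, and an oversized rulebook is rejected with -1. */
int eval_bounded(const struct rule *rules, size_t nrules,
                 int *matches, size_t cap)
{
    size_t n = 0;
    if (cap == 0) return -1;
    for (size_t i = 0; i < nrules; i++) {
        if (!rules[i].matched)
            continue;
        if (n + 1 >= cap)                 /* no room for entry + terminator */
            return -1;
        matches[n++] = (int)i;
    }
    matches[n] = -1;
    return (int)n;
}

/* Constructed input: `nrules` rules that all match, against MATCH_CAP. */
int demo(size_t nrules)
{
    struct rule rules[64] = {{0}};
    int matches[MATCH_CAP];
    if (nrules > 64) return -2;
    for (size_t i = 0; i < nrules; i++)
        rules[i].matched = 1;
    return eval_bounded(rules, nrules, matches, MATCH_CAP);
}
```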