Home > Security > Advisories


Mandriva Advisories

Package name mpg123
Date July 23rd, 2003
Advisory ID MDKSA-2003:078
Affected versions 9.0, 9.1, CS2.1
Synopsis Updated mpg123 packages fix vulnerability

Problem Description

A vulnerability in the mpg123 mp3 player could allow local and/or
remote attackers to cause a DoS and possibly execute arbitrary code via
an mp3 file with a zero bitrate, which causes a negative frame size.

Updated Packages

Mandrakelinux 9.0

 22c4645928964dcacdbbb8f4a7ec7757  9.0/RPMS/mpg123-0.59r-17.1mdk.i586.rpm
ed571f616381f5db2ec5b3e0f898a951  9.0/SRPMS/mpg123-0.59r-17.1mdk.src.rpm

Mandrakelinux 9.1

 3f2ef5a7a04c7964fde90add7f330039  9.1/RPMS/mpg123-0.59r-17.1mdk.i586.rpm
ed571f616381f5db2ec5b3e0f898a951  9.1/SRPMS/mpg123-0.59r-17.1mdk.src.rpm

Mandrakelinux 9.1/PPC

 23f03f1a5a8d973d4454693ce90a69e3  ppc/9.1/RPMS/mpg123-0.59r-17.1mdk.ppc.rpm
ed571f616381f5db2ec5b3e0f898a951  ppc/9.1/SRPMS/mpg123-0.59r-17.1mdk.src.rpm

Corporate Server 2.1

 22c4645928964dcacdbbb8f4a7ec7757  corporate/2.1/RPMS/mpg123-0.59r-17.1mdk.i586.rpm
ed571f616381f5db2ec5b3e0f898a951  corporate/2.1/SRPMS/mpg123-0.59r-17.1mdk.src.rpm

Corporate Server 2.1/X86_64

 c73649f8b7e997ac0299b01933ca7f84  x86_64/corporate/2.1/RPMS/mpg123-0.59r-17.1mdk.x86_64.rpm
ed571f616381f5db2ec5b3e0f898a951  x86_64/corporate/2.1/SRPMS/mpg123-0.59r-17.1mdk.src.rpm




To upgrade automatically, use MandrivaUpdate.


Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.