Advisories

Mandriva Advisories

Package name	mplayer
Date	September 6th, 2005
Advisory ID	MDKSA-2005:158
Affected versions	10.1, CS3.0, 10.2
Synopsis	Updated mplayer packages fix vulnerabilities

Problem Description

Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows
remote attackers to execute arbitrary code via a video file with an
audio header containing a large value in a strf chunk.

The updated packages have been patched to correct this problem.

Updated Packages

Mandrakelinux 10.1

 250459965c8fc4f42a2769e749e22e81  10.1/RPMS/libdha1.0-1.0-0.pre5.8.2.101mdk.i586.rpm
d8c7750a627e80277fce628e2d1e94c8  10.1/RPMS/libpostproc0-1.0-0.pre5.8.2.101mdk.i586.rpm
5917312b2927d69c316ccfee23fada24  10.1/RPMS/libpostproc0-devel-1.0-0.pre5.8.2.101mdk.i586.rpm
9be25967363cd572adfd36bc4d87b93a  10.1/RPMS/mencoder-1.0-0.pre5.8.2.101mdk.i586.rpm
c80e742412e9d1d350c370b634c246ba  10.1/RPMS/mplayer-1.0-0.pre5.8.2.101mdk.i586.rpm
2b8c578c31cb5ee5973b33af7954d026  10.1/RPMS/mplayer-gui-1.0-0.pre5.8.2.101mdk.i586.rpm
6a2f4fe0b219c835f95a7e0c4947991f  10.1/SRPMS/mplayer-1.0-0.pre5.8.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 250459965c8fc4f42a2769e749e22e81  x86_64/10.1/RPMS/libdha1.0-1.0-0.pre5.8.2.101mdk.i586.rpm
d8c7750a627e80277fce628e2d1e94c8  x86_64/10.1/RPMS/libpostproc0-1.0-0.pre5.8.2.101mdk.i586.rpm
5917312b2927d69c316ccfee23fada24  x86_64/10.1/RPMS/libpostproc0-devel-1.0-0.pre5.8.2.101mdk.i586.rpm
9be25967363cd572adfd36bc4d87b93a  x86_64/10.1/RPMS/mencoder-1.0-0.pre5.8.2.101mdk.i586.rpm
c80e742412e9d1d350c370b634c246ba  x86_64/10.1/RPMS/mplayer-1.0-0.pre5.8.2.101mdk.i586.rpm
2b8c578c31cb5ee5973b33af7954d026  x86_64/10.1/RPMS/mplayer-gui-1.0-0.pre5.8.2.101mdk.i586.rpm
6a2f4fe0b219c835f95a7e0c4947991f  x86_64/10.1/SRPMS/mplayer-1.0-0.pre5.8.2.101mdk.src.rpm

Corporate Server 3.0

 4154fbdaf579fa4999c7d78b21d6cb36  corporate/3.0/RPMS/libdha0.1-1.0-0.pre3.14.3.C30mdk.i586.rpm
4e3754365ee2513295db740ab3cf6cf0  corporate/3.0/RPMS/libpostproc0-1.0-0.pre3.14.3.C30mdk.i586.rpm
15334f63a998240eda3beb3adf8b871c  corporate/3.0/RPMS/libpostproc0-devel-1.0-0.pre3.14.3.C30mdk.i586.rpm
f4e09e3a33b59becd4dd034a3cb0dc96  corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.3.C30mdk.i586.rpm
068a5c5e29b7c3d191d553e32d4b5d16  corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.3.C30mdk.i586.rpm
75b97f74726b07e8dbf908ff731c167a  corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.3.C30mdk.i586.rpm
063e6e15d3cfa8d859acc33da0e90eee  corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.3.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 85e34fedb91a68091e37521fe4d1cfa3  x86_64/corporate/3.0/RPMS/lib64postproc0-1.0-0.pre3.14.3.C30mdk.x86_64.rpm
3bfdf357b670cd8dc0b310dfa31adf6b  x86_64/corporate/3.0/RPMS/lib64postproc0-devel-1.0-0.pre3.14.3.C30mdk.x86_64.rpm
278616d508bd32dcdf5f4a1f21bd3249  x86_64/corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.3.C30mdk.x86_64.rpm
b7008436842f07451bc9867dd2d30973  x86_64/corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.3.C30mdk.x86_64.rpm
e1b508be67d5f3d0ef42985d02925f45  x86_64/corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.3.C30mdk.x86_64.rpm
063e6e15d3cfa8d859acc33da0e90eee  x86_64/corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.3.C30mdk.src.rpm

Mandriva Linux LE2005

 de875487b091b75e8f5247df554081cb  10.2/RPMS/libdha1.0-1.0-0.pre6.8.2.102mdk.i586.rpm
a6604d2eb448775983d3b02b3e407fb0  10.2/RPMS/libpostproc0-1.0-0.pre6.8.2.102mdk.i586.rpm
6798646f4d62525901fc7e39b2ed923e  10.2/RPMS/libpostproc0-devel-1.0-0.pre6.8.2.102mdk.i586.rpm
d22348b0c5984578a5943cb7c1f411f3  10.2/RPMS/mencoder-1.0-0.pre6.8.2.102mdk.i586.rpm
4eacc77aa9e231e55c40a0a1175113f9  10.2/RPMS/mplayer-1.0-0.pre6.8.2.102mdk.i586.rpm
b17dc79c2f2f3c7ca1512abde018b069  10.2/RPMS/mplayer-gui-1.0-0.pre6.8.2.102mdk.i586.rpm
956d43071a6e94af9394b5da7fb12a62  10.2/SRPMS/mplayer-1.0-0.pre6.8.2.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 1790a5313459770becf4d56943266bb5  x86_64/10.2/RPMS/lib64postproc0-1.0-0.pre6.8.2.102mdk.x86_64.rpm
360a5c1ccce816edc10f0764ce818784  x86_64/10.2/RPMS/lib64postproc0-devel-1.0-0.pre6.8.2.102mdk.x86_64.rpm
39b2652e9203165fb9c9d44dd75cacdc  x86_64/10.2/RPMS/mencoder-1.0-0.pre6.8.2.102mdk.x86_64.rpm
0df3262bbab999f1dbd0710e863c8610  x86_64/10.2/RPMS/mplayer-1.0-0.pre6.8.2.102mdk.x86_64.rpm
760154d8cf96ca552c327610b75c1acf  x86_64/10.2/RPMS/mplayer-gui-1.0-0.pre6.8.2.102mdk.x86_64.rpm
956d43071a6e94af9394b5da7fb12a62  x86_64/10.2/SRPMS/mplayer-1.0-0.pre6.8.2.102mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2718
http://www.sven-tantau.de/public_files/mplayer/mplayer_20050824.txt

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer