Advisories

Mandriva Advisories

Package name: mpg123
Date: July 23rd, 2003
Advisory ID: MDKSA-2003:078
Affected versions: 9.0, 9.1, CS2.1
Synopsis: Updated mpg123 packages fix vulnerability

Problem Description

A vulnerability in the mpg123 mp3 player could allow local and/or
remote attackers to cause a DoS and possibly execute arbitrary code via
an mp3 file with a zero bitrate, which causes a negative frame size.
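
The zero-bitrate case described above, worked through as an added example (not mpg123's code and not part of the advisory). It assumes the standard MPEG-1 Layer III frame-length formula and a decoder that subtracts the 4-byte header; the function names and sample headers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* MPEG-1 Layer III bitrates in kbit/s by 4-bit header index.
 * Index 0 is "free format" (no declared bitrate); 15 is invalid. */
static const int kbps_l3[16] = { 0, 32, 40, 48, 56, 64, 80, 96,
                                 112, 128, 160, 192, 224, 256, 320, -1 };
/* MPEG-1 sample rates in Hz by 2-bit header index; 3 is reserved. */
static const int hz_v1[4] = { 44100, 48000, 32000, 0 };

/* Constructed sample headers (not taken from any real file). */
static const uint8_t HDR_128K[4] = { 0xff, 0xfb, 0x90, 0x00 };
static const uint8_t HDR_ZERO[4] = { 0xff, 0xfb, 0x00, 0x00 };

/* Trusts the bitrate field: bytes expected after the 4-byte header.
 * For index 0 this is padding - 4, a negative length that turns into a
 * huge value once converted to an unsigned size for a read or copy. */
long payload_size_naive(const uint8_t h[4])
{
    int br = h[2] >> 4, sr = (h[2] >> 2) & 3, pad = (h[2] >> 1) & 1;
    if (sr == 3)
        return -1;                       /* avoid dividing by zero */
    return 144000L * kbps_l3[br] / hz_v1[sr] + pad - 4;
}

/* Validates the header first; returns the payload size or -1 to reject. */
long payload_size_checked(const uint8_t h[4])
{
    if (h[0] != 0xff || (h[1] & 0xe0) != 0xe0)
        return -1;                       /* no frame sync */
    if ((h[1] & 0x18) != 0x18 || (h[1] & 0x06) != 0x02)
        return -1;                       /* example covers MPEG-1 Layer III only */
    int br = h[2] >> 4, sr = (h[2] >> 2) & 3;
    if (br == 0 || br == 15 || sr == 3)
        return -1;                       /* free-format, invalid or reserved */
    long n = payload_size_naive(h);
    return n > 0 ? n : -1;
}

int main(void)
{
    printf("128k naive=%ld checked=%ld\n",
           payload_size_naive(HDR_128K), payload_size_checked(HDR_128K));
    printf("zero naive=%ld checked=%ld\n",
           payload_size_naive(HDR_ZERO), payload_size_checked(HDR_ZERO));
    return 0;
}
```

Rejecting index 0 outright is a simplification: a decoder that supports free-format streams has to derive the frame length another way and still bound it before reading.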

Updated Packages

Mandrakelinux 9.0

 22c4645928964dcacdbbb8f4a7ec7757  9.0/RPMS/mpg123-0.59r-17.1mdk.i586.rpm
ed571f616381f5db2ec5b3e0f898a951  9.0/SRPMS/mpg123-0.59r-17.1mdk.src.rpm

Mandrakelinux 9.1

 3f2ef5a7a04c7964fde90add7f330039  9.1/RPMS/mpg123-0.59r-17.1mdk.i586.rpm
ed571f616381f5db2ec5b3e0f898a951  9.1/SRPMS/mpg123-0.59r-17.1mdk.src.rpm

Mandrakelinux 9.1/PPC

 23f03f1a5a8d973d4454693ce90a69e3  ppc/9.1/RPMS/mpg123-0.59r-17.1mdk.ppc.rpm
ed571f616381f5db2ec5b3e0f898a951  ppc/9.1/SRPMS/mpg123-0.59r-17.1mdk.src.rpm

Corporate Server 2.1

 22c4645928964dcacdbbb8f4a7ec7757  corporate/2.1/RPMS/mpg123-0.59r-17.1mdk.i586.rpm
ed571f616381f5db2ec5b3e0f898a951  corporate/2.1/SRPMS/mpg123-0.59r-17.1mdk.src.rpm

Corporate Server 2.1/X86_64

 c73649f8b7e997ac0299b01933ca7f84  x86_64/corporate/2.1/RPMS/mpg123-0.59r-17.1mdk.x86_64.rpm
ed571f616381f5db2ec5b3e0f898a951  x86_64/corporate/2.1/SRPMS/mpg123-0.59r-17.1mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0577
http://online.securityfocus.com/bid/6629

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update before upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.