Advisories

Mandriva Advisories

Package name	mplayer
Date	October 1st, 2007
Advisory ID	MDKSA-2007:192
Affected versions	2007.0, 2007.1
Synopsis	Updated mplayer packages fix vulnerability

Problem Description

A heap-based buffer overflow was found in MPlayer's AVI handling
that could allow a remote attacker to cause a denial of service or
possibly execute arbitrary code via a crafted .avi file.

Updated packages have been patched to prevent this issue.

Updated Packages

Mandriva Linux 2007

 664764460655f8fa3ffe837fe1c753c4  2007.0/i586/libdha1.0-1.0-1.pre8.13.5mdv2007.0.i586.rpm
 92e7649f53c13651062b76f33b093f16  2007.0/i586/mencoder-1.0-1.pre8.13.5mdv2007.0.i586.rpm
 ea399734d197db1b88a8706ad9bf855a  2007.0/i586/mplayer-1.0-1.pre8.13.5mdv2007.0.i586.rpm
 9d751d448cf399915dc11233f291bed5  2007.0/i586/mplayer-gui-1.0-1.pre8.13.5mdv2007.0.i586.rpm 
 c015287479e38ccf22e271b3e97cc3ac  2007.0/SRPMS/mplayer-1.0-1.pre8.13.5mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 a841c634484003178dbe3edcf04250fb  2007.0/x86_64/mencoder-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm
 0c59b24ecd8977087b546ad373b5c556  2007.0/x86_64/mplayer-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm
 8a9e6cd4f9b438470a08f770a6f3faca  2007.0/x86_64/mplayer-gui-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm 
 c015287479e38ccf22e271b3e97cc3ac  2007.0/SRPMS/mplayer-1.0-1.pre8.13.5mdv2007.0.src.rpm

Mandriva Linux 2007.1

 1f9dba71ed8296072bbb29a276b24349  2007.1/i586/libdha1.0-1.0-1.rc1.11.3mdv2007.1.i586.rpm
 b679aa7cfb01a9173539045c7ae06a42  2007.1/i586/mencoder-1.0-1.rc1.11.3mdv2007.1.i586.rpm
 518690338f0b044e2e591f9cc49c3eab  2007.1/i586/mplayer-1.0-1.rc1.11.3mdv2007.1.i586.rpm
 54a46f319a936e2e94c833385dc01b92  2007.1/i586/mplayer-doc-1.0-1.rc1.11.3mdv2007.1.i586.rpm
 bd9470eb57ee6ced6a9e3358d8d47484  2007.1/i586/mplayer-gui-1.0-1.rc1.11.3mdv2007.1.i586.rpm 
 3e6887feff803bc3a3efe864842e0679  2007.1/SRPMS/mplayer-1.0-1.rc1.11.3mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64

 af0ee01741af03a7a75b6a5289dbca9d  2007.1/x86_64/mencoder-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm
 0e7e5f18937ebd4a050a683da5116e3e  2007.1/x86_64/mplayer-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm
 4eeb75257e99b553e90b2c767fce6903  2007.1/x86_64/mplayer-doc-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm
 2604e564242de95388b4e543624db4dc  2007.1/x86_64/mplayer-gui-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm 
 3e6887feff803bc3a3efe864842e0679  2007.1/SRPMS/mplayer-1.0-1.rc1.11.3mdv2007.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4938

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer