Advisories

Mandriva Advisories

Package name: mpg123
Date: January 19th, 2005
Advisory ID: MDKSA-2005:009
Affected versions: 10.0, 10.1, CS2.1, CS3.0
Synopsis: Updated mpg123 packages fix vulnerability

Problem Description

A vulnerability in mpg123's ability to parse frame headers in input
streams could allow a malicious file to exploit a buffer overflow and
execute arbitrary code with the permissions of the user running mpg123.

The updated packages have been patched to prevent these problems.

Updated Packages

Mandrakelinux 10.0

c6853d42d98e62393a7f819a2ffe3356  10.0/RPMS/mpg123-0.59r-22.2.100mdk.i586.rpm
a23d6bfb05fa6ac27067bc31428092eb  10.0/SRPMS/mpg123-0.59r-22.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64

4ee7ef6a8d53837780ed7f2b03839673  amd64/10.0/RPMS/mpg123-0.59r-22.2.100mdk.amd64.rpm
a23d6bfb05fa6ac27067bc31428092eb  amd64/10.0/SRPMS/mpg123-0.59r-22.2.100mdk.src.rpm

Mandrakelinux 10.1

3f9c35756148f51b279631123545b75b  10.1/RPMS/mpg123-0.59r-22.2.101mdk.i586.rpm
4cf62de0ff365cd0e74c417f84b7730e  10.1/SRPMS/mpg123-0.59r-22.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

ee70a13d4ccfcf5f8fbd9ed778186647  x86_64/10.1/RPMS/mpg123-0.59r-22.2.101mdk.x86_64.rpm
4cf62de0ff365cd0e74c417f84b7730e  x86_64/10.1/SRPMS/mpg123-0.59r-22.2.101mdk.src.rpm

Corporate Server 2.1

b68e025bfc40ff120c63d77bed97270b  corporate/2.1/RPMS/mpg123-0.59r-21.3.C21mdk.i586.rpm
437ddd9bda9615417690f737e9722990  corporate/2.1/SRPMS/mpg123-0.59r-21.3.C21mdk.src.rpm

Corporate Server 2.1/X86_64

deb362353f3912ed0154847947c45543  x86_64/corporate/2.1/RPMS/mpg123-0.59r-21.3.C21mdk.x86_64.rpm
437ddd9bda9615417690f737e9722990  x86_64/corporate/2.1/SRPMS/mpg123-0.59r-21.3.C21mdk.src.rpm

Corporate Server 3.0

2d5fd7533161e466ba3f3b1307be77d1  corporate/3.0/RPMS/mpg123-0.59r-22.2.C30mdk.i586.rpm
7aab2dce78c90489c8da66e715b61bf5  corporate/3.0/SRPMS/mpg123-0.59r-22.2.C30mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0991

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and the GPG signature is performed automatically for you.
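
For a manual download, the MD5 half of that verification can be done against the Updated Packages list above. This is an added example, not part of the advisory or of Mandriva's tooling; it assumes GNU md5sum and the package list saved to a text file, and the function name check_advisory_md5 is hypothetical. It complements the GPG signature check done by rpm --checksig and does not replace it.

```shell
#!/bin/sh
# Added example (not part of the advisory): compare downloaded RPMs with the
# "<md5>  <path>" lines of an advisory's Updated Packages list.

# check_advisory_md5 MANIFEST DIR   (hypothetical helper name)
#   MANIFEST: text file holding the package list copied from the advisory
#   DIR:      directory with the downloaded .rpm files
# Files not present in DIR are skipped (you only fetch your own architecture).
# Returns 0 only if at least one file was checked and none mismatched.
check_advisory_md5() {
    manifest=$1
    dir=$2
    checked=0
    bad=0
    while read -r want path; do
        # Keep only lines whose first field is exactly 32 lowercase hex digits;
        # this skips blank lines and headings such as "Corporate Server 3.0".
        case $want in
            ''|*[!0-9a-f]*) continue ;;
        esac
        [ "${#want}" -eq 32 ] || continue
        name=${path##*/}                 # the list gives mirror-relative paths
        [ -f "$dir/$name" ] || continue
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (expected $want, got $got)"
            bad=$((bad + 1))
        fi
    done < "$manifest"
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}
```

Call it as `check_advisory_md5 packages.txt ./downloads` and run `rpm --checksig` on each file it reports as OK before installing.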