Mandriva Advisories

Package name: mplayer
Date: March 8th, 2007
Advisory ID: MDKSA-2007:055
Affected versions: CS3.0, 2007.0
Synopsis: Updated mplayer packages to address buffer overflow vulnerability

Problem Description

The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c
in MPlayer 1.0rc1 and earlier does not set the biSize field before it
is used in a memcpy, which allows user-assisted remote attackers to
cause a buffer overflow and possibly execute arbitrary code.

Updated packages have been patched to address this issue.
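
The C example below is added here to illustrate the bug class named in the description; it is not MPlayer's code or the Mandriva patch. It assumes a header whose first field (biSize) is read from the media file; bih_t, bih_dup_checked and bih_copy_out are hypothetical names, and the struct mirrors the standard 40-byte BITMAPINFOHEADER layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local mirror of the 40-byte BITMAPINFOHEADER layout. biSize is the header's
 * own length and, when read from a media file, is attacker-controlled. */
typedef struct {
    int32_t  biSize, biWidth, biHeight;
    uint16_t biPlanes, biBitCount;
    uint32_t biCompression, biSizeImage;
    int32_t  biXPelsPerMeter, biYPelsPerMeter;
    uint32_t biClrUsed, biClrImportant;
} bih_t;

/* Hypothetical helper: duplicate a header held in src_len bytes of file data.
 * Returns NULL if the claimed size is negative or exceeds the available bytes. */
bih_t *bih_dup_checked(const void *src, size_t src_len, size_t *alloc_len) {
    int32_t claimed;
    if (src == NULL || src_len < sizeof claimed) return NULL;
    memcpy(&claimed, src, sizeof claimed);
    if (claimed < 0 || (size_t)claimed > src_len) return NULL;
    size_t n = (size_t)claimed < sizeof(bih_t) ? sizeof(bih_t) : (size_t)claimed;
    bih_t *copy = calloc(1, n);
    if (copy == NULL) return NULL;
    memcpy(copy, src, (size_t)claimed);
    copy->biSize = (int32_t)n;  /* set biSize to the allocation before any later use */
    *alloc_len = n;
    return copy;
}

/* A later copy that uses biSize as its memcpy length, bounded by the destination. */
int bih_copy_out(void *dst, size_t dst_cap, const bih_t *h) {
    if (h->biSize < 0 || (size_t)h->biSize > dst_cap) return -1;
    memcpy(dst, h, (size_t)h->biSize);
    return 0;
}

int main(void) {
    bih_t in = { .biSize = 8, .biWidth = 320 };  /* constructed short header */
    unsigned char dst[sizeof(bih_t)];
    size_t n = 0;
    bih_t *c = bih_dup_checked(&in, sizeof in, &n);
    if (c == NULL) return 1;
    printf("alloc=%zu biSize=%d copy_out=%d\n", n, (int)c->biSize, bih_copy_out(dst, sizeof dst, c));
    free(c);
    return 0;
}
```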

Updated Packages

Corporate Server 3.0

 c856e0fc1743cd8f623d7ee8f9e6ffe3  corporate/3.0/i586/libdha0.1-1.0-0.pre3.14.9.C30mdk.i586.rpm
 1350f9e69fd481e17b707a94fb1bc74a  corporate/3.0/i586/libpostproc0-1.0-0.pre3.14.9.C30mdk.i586.rpm
 98d7ca9b74490afb20c44efe098761fa  corporate/3.0/i586/libpostproc0-devel-1.0-0.pre3.14.9.C30mdk.i586.rpm
 536f8ad600598e2cffce436c1c0e695f  corporate/3.0/i586/mencoder-1.0-0.pre3.14.9.C30mdk.i586.rpm
 208ea2e10312f1cba5989ecbf43956f3  corporate/3.0/i586/mplayer-1.0-0.pre3.14.9.C30mdk.i586.rpm
 1ff79a1c5e08b898a14010305797893c  corporate/3.0/i586/mplayer-gui-1.0-0.pre3.14.9.C30mdk.i586.rpm 
 20150c93e21037f29585075932eb7ef0  corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.9.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 823d5b19da1feead69cb245cbea24ec3  corporate/3.0/x86_64/lib64postproc0-1.0-0.pre3.14.9.C30mdk.x86_64.rpm
 b4839689ed4d7fd56198b266a913eda6  corporate/3.0/x86_64/lib64postproc0-devel-1.0-0.pre3.14.9.C30mdk.x86_64.rpm
 f522ed8f9e28c712af8820a21635a387  corporate/3.0/x86_64/mencoder-1.0-0.pre3.14.9.C30mdk.x86_64.rpm
 91bb9c93d8d71e8978a0dfc9ba5f7b6e  corporate/3.0/x86_64/mplayer-1.0-0.pre3.14.9.C30mdk.x86_64.rpm
 10196940030f359d04c345e55c8c98fb  corporate/3.0/x86_64/mplayer-gui-1.0-0.pre3.14.9.C30mdk.x86_64.rpm 
 20150c93e21037f29585075932eb7ef0  corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.9.C30mdk.src.rpm

Mandriva Linux 2007

 c79b106f66ef06c04a656adbd2dd5caa  2007.0/i586/libdha1.0-1.0-1.pre8.13.1mdv2007.0.i586.rpm
 5a596579a15d7092b559bbbd6c319167  2007.0/i586/mencoder-1.0-1.pre8.13.1mdv2007.0.i586.rpm
 dd6293fb4f03bd361932e385d07f8918  2007.0/i586/mplayer-1.0-1.pre8.13.1mdv2007.0.i586.rpm
 0b7a8a5af99b3a3975a3f0f9e0b5c70a  2007.0/i586/mplayer-gui-1.0-1.pre8.13.1mdv2007.0.i586.rpm 
 e90776605fb7d8b2c6c9845431dff696  2007.0/SRPMS/mplayer-1.0-1.pre8.13.1mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 3ccbf6766332228912f9ca86673ee082  2007.0/x86_64/mencoder-1.0-1.pre8.13.1mdv2007.0.x86_64.rpm
 d5544ee7ba584ad39c78221947d9f763  2007.0/x86_64/mplayer-1.0-1.pre8.13.1mdv2007.0.x86_64.rpm
 7485610e6dae090636fb34c7c41c9343  2007.0/x86_64/mplayer-gui-1.0-1.pre8.13.1mdv2007.0.x86_64.rpm 
 e90776605fb7d8b2c6c9845431dff696  2007.0/SRPMS/mplayer-1.0-1.pre8.13.1mdv2007.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.