Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Gentoo: 200309-17 Critical: mpg123 Remote Code Execution

gentoo
Calendar Grey September 30, 2003
Dist Gentoo Esm H88
Arch Linux has released a critical advisory about a severe integer overflow vulnerability in curl that may permit unauthorized system access. Users are urged to install the patch immediately
mpg123 contains a heap based buffer overflow that would allow an remoteattacker to execute arbitrary code on the victims machine.

Summary


GENTOO LINUX SECURITY ANNOUNCEMENT 200309-17
     GENTOO BUG # : 26787


DESCRIPTION

mpg123 contains a heap based buffer overflow that would allow an remote
attacker to execute arbitrary code on the victims machine.

SOLUTION

it is recommended that all Gentoo Linux users who are running
media-sound/mpg123 upgrade to a fixed version.

make sure that the version to be installed is either one of 
0.59r-r3 (stable) or 0.59s-r1 (masked).

emerge sync
emerge mpg123 -p
emerge mpg123
emerge clean


Topics%20covered

Topics Covered

security advisory gentoo buffer overflow remote code execution mpg123

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
critical
Lowest
Low
Medium
High
Critical

PACKAGE : mpg123
SUMMARY : buffer overflow
DATE : 2003-09-30 14:32 UTC
EXPLOIT : remote
CVE : CAN-2003-0577

Topics%20covered

Topics Covered

security advisory gentoo buffer overflow remote code execution mpg123

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here