LinuxSecurity.com
Mandriva: Subject: [Security Announce] [ MDVSA-2008:196 ] mplayer
Posted by Benjamin D. Thomas
Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter.
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:196
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mplayer
 Date    : September 15, 2008
 Affected: 2008.0, 2008.1, Corporate 3.0
 _______________________________________________________________________

 Problem Description:

 Uncontrolled array index in the sdpplin_parse function in
 stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers
 to overwrite memory and execute arbitrary code via a large streamid
 SDP parameter.
 
 The updated packages have been patched to fix this issue.
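
 An added sketch (not MPlayer's or Mandriva's code) of the bounds check this class of bug calls for: an index parsed from an SDP streamid value is validated against the stream table before it is used for a write. The struct names, MAX_STREAMS, the function names and the attribute syntax in the key string are assumptions made for the example.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_STREAMS 8   /* assumed table capacity (hypothetical) */

struct stream_desc { int stream_id; };
struct sdp_desc {
    unsigned stream_count;                    /* slots the header announced */
    struct stream_desc *stream[MAX_STREAMS];
};

/* Strictly parse "<key><decimal>"; the key syntax is assumed for this sketch. */
static int parse_streamid(const char *line, unsigned long *out)
{
    static const char key[] = "a=StreamId:integer;";
    char *end;

    if (strncmp(line, key, sizeof key - 1) != 0)
        return -1;
    line += sizeof key - 1;
    if (*line < '0' || *line > '9')           /* no sign, space or empty value */
        return -1;
    errno = 0;
    *out = strtoul(line, &end, 10);
    if (errno == ERANGE || (*end != '\0' && *end != '\r' && *end != '\n'))
        return -1;
    return 0;
}

/* Flawed pattern: desc->stream[id] = s; with id taken straight from the wire.
   Hardened: the untrusted id must index an announced slot before any write. */
int sdp_add_stream(struct sdp_desc *desc, const char *line, struct stream_desc *s)
{
    unsigned long id;

    if (parse_streamid(line, &id) != 0)
        return -1;
    if (desc->stream_count > MAX_STREAMS || id >= desc->stream_count)
        return -1;                            /* out-of-range index: reject */
    s->stream_id = (int)id;
    desc->stream[id] = s;
    return 0;
}
```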
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1558
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 