Mandriva 1273 Published by

Updated mplayer packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: mplayer
Advisory ID: MDKSA-2005:115
Date: July 11th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

Two heap overflows were discovered in mplayer's code handling the RealMedia RTSP and Microsoft Media Services streams over TCP (MMST). These vulnerabilities could allow for a malicious server to execute arbitrary code on the client computer with the permissions of the user running MPlayer.

The updated packages have been patched to correct this problem.



_______________________________________________________________________

References:

http://www.mplayerhq.hu/homepage/design7/news.html#vuln10
http://www.mplayerhq.hu/homepage/design7/news.html#vuln11
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.1:
bd10af1b022eab6c708b798b788d8f8f 10.1/RPMS/libdha1.0-1.0-0.pre5.8.1.101mdk.i586.rpm
0f045ff30c496287bca8ecb70fd3f9d4 10.1/RPMS/libpostproc0-1.0-0.pre5.8.1.101mdk.i586.rpm
2d6cc0414095376592ca2f31b530e139 10.1/RPMS/libpostproc0-devel-1.0-0.pre5.8.1.101mdk.i586.rpm
083b1fd4689665cc07477f87d171d614 10.1/RPMS/mencoder-1.0-0.pre5.8.1.101mdk.i586.rpm
8428f9c5e8216dc20f92ddccbaaa906c 10.1/RPMS/mplayer-1.0-0.pre5.8.1.101mdk.i586.rpm
596d46dd4d84deda9e5b38910e4d6f78 10.1/RPMS/mplayer-gui-1.0-0.pre5.8.1.101mdk.i586.rpm
b74e89d4c606c99857a5a5a4314e2cc3 10.1/SRPMS/mplayer-1.0-0.pre5.8.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
bd10af1b022eab6c708b798b788d8f8f x86_64/10.1/RPMS/libdha1.0-1.0-0.pre5.8.1.101mdk.i586.rpm
0f045ff30c496287bca8ecb70fd3f9d4 x86_64/10.1/RPMS/libpostproc0-1.0-0.pre5.8.1.101mdk.i586.rpm
2d6cc0414095376592ca2f31b530e139 x86_64/10.1/RPMS/libpostproc0-devel-1.0-0.pre5.8.1.101mdk.i586.rpm
083b1fd4689665cc07477f87d171d614 x86_64/10.1/RPMS/mencoder-1.0-0.pre5.8.1.101mdk.i586.rpm
8428f9c5e8216dc20f92ddccbaaa906c x86_64/10.1/RPMS/mplayer-1.0-0.pre5.8.1.101mdk.i586.rpm
596d46dd4d84deda9e5b38910e4d6f78 x86_64/10.1/RPMS/mplayer-gui-1.0-0.pre5.8.1.101mdk.i586.rpm
b74e89d4c606c99857a5a5a4314e2cc3 x86_64/10.1/SRPMS/mplayer-1.0-0.pre5.8.1.101mdk.src.rpm

Mandrakelinux 10.2:
4c177eb3a8868ef01de7f8f645a8df1e 10.2/RPMS/libdha1.0-1.0-0.pre6.8.1.102mdk.i586.rpm
e1c7dbc6206e73501b30eb57effdac5a 10.2/RPMS/libpostproc0-1.0-0.pre6.8.1.102mdk.i586.rpm
2d3e70104fdb6d95895a7ee2bde6595d 10.2/RPMS/libpostproc0-devel-1.0-0.pre6.8.1.102mdk.i586.rpm
99a4599c171c4d497a846ea04ca17f69 10.2/RPMS/mencoder-1.0-0.pre6.8.1.102mdk.i586.rpm
c227f20edb5d7918baf3c57bb0873821 10.2/RPMS/mplayer-1.0-0.pre6.8.1.102mdk.i586.rpm
fbd9082c731f6f2c1ffb9e4f8d34b3b9 10.2/RPMS/mplayer-gui-1.0-0.pre6.8.1.102mdk.i586.rpm
99eae364cc22227fd060a30c04d16ee0 10.2/SRPMS/mplayer-1.0-0.pre6.8.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
4fac156842e3d8128f3db891176cf5bc x86_64/10.2/RPMS/lib64postproc0-1.0-0.pre6.8.1.102mdk.x86_64.rpm
4e400c2a8eec069eb48b174dad260630 x86_64/10.2/RPMS/lib64postproc0-devel-1.0-0.pre6.8.1.102mdk.x86_64.rpm
4b6be0070a94b344a273c58a72887e09 x86_64/10.2/RPMS/mencoder-1.0-0.pre6.8.1.102mdk.x86_64.rpm
74c034b62e9a521bc1940a055ed85efa x86_64/10.2/RPMS/mplayer-1.0-0.pre6.8.1.102mdk.x86_64.rpm
939796a7a34edfd1a28ede74945f6476 x86_64/10.2/RPMS/mplayer-gui-1.0-0.pre6.8.1.102mdk.x86_64.rpm
99eae364cc22227fd060a30c04d16ee0 x86_64/10.2/SRPMS/mplayer-1.0-0.pre6.8.1.102mdk.src.rpm

Corporate 3.0:
d41099adcaa6d11c38e89b576cd29c0e corporate/3.0/RPMS/libdha0.1-1.0-0.pre3.14.2.C30mdk.i586.rpm
957d003a9d6a87dcef47000389cf1718 corporate/3.0/RPMS/libpostproc0-1.0-0.pre3.14.2.C30mdk.i586.rpm
2e03d433c8c85d92fd5f3b55993657a4 corporate/3.0/RPMS/libpostproc0-devel-1.0-0.pre3.14.2.C30mdk.i586.rpm
c7db9472c5307cf4b2101cf85258374b corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.2.C30mdk.i586.rpm
2ff16f611b2e04279d82d334d22e09b2 corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.2.C30mdk.i586.rpm
c893a7b1127e6a6b882f8a805197f704 corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.2.C30mdk.i586.rpm
33af37ca45913f9143a14c54cf599ea9 corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
d56e4c1c37fc14c358679c9965a1a631 x86_64/corporate/3.0/RPMS/lib64postproc0-1.0-0.pre3.14.2.C30mdk.x86_64.rpm
855ab006ca3e953ff0b2e74dc945ec4e x86_64/corporate/3.0/RPMS/lib64postproc0-devel-1.0-0.pre3.14.2.C30mdk.x86_64.rpm
735165e505cd65f4c035778e681b4da1 x86_64/corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.2.C30mdk.x86_64.rpm
0bbec21ba423cdeb16d1d3a86ce48d70 x86_64/corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.2.C30mdk.x86_64.rpm
314b912d457e48b4a09ca03e94600310 x86_64/corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.2.C30mdk.x86_64.rpm
33af37ca45913f9143a14c54cf599ea9 x86_64/corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.2.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com