Full Disclosure mailing list archives
GLSA: media-video/mplayer (200309-15)
From: aliz () gentoo org (Daniel Ahlberg)
Date: Mon, 29 Sep 2003 16:22:45 +0200 (CEST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ GENTOO LINUX SECURITY ANNOUNCEMENT 200309-15 - ------------------------------------------------------------------------ PACKAGE : media-video/mplayer SUMMARY : Buffer Overflow Vulnerability DATE : 2003-09-27 21:37 UTC EXPLOIT : remote VERSIONS AFFECTED : <=mplayer-0.91 =mplayer-1.0_pre1 FIXED VERSION : =mplayer-0.92 =mplayer-1.0_pre1-r1 GENTOO BUG ID : 29640 CVE : none that we are aware of at this time - ------------------------------------------------------------------------ SUMMARY: A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful ASX header, and trick MPlayer into executing arbitrary code upon parsing that header. read the full advisory at: http://www.mplayerhq.hu/homepage/design6/news.html SOLUTION: It is recommended that all Gentoo Linux users who are running media-video/mplayer upgrade to mplayer-0.92 as follows emerge sync emerge =media-video/mplayer-0.92 emerge clean Additionally PaX users might want to /sbin/chpax -m /usr/bin/mplayer - - - --------------------------------------------------------------------- solar () gentoo org aliz () gentoo org - GnuPG key is available at http://dev.gentoo.org/~aliz - - - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/eEA1fT7nyhUpoZMRAtEeAJ9xPIFRQlixCojNLTxXbZnKc3HxogCgtfwE FxePCaOajma2VGAWpq4YHag= =75dn -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- GLSA: media-video/mplayer (200309-15) Daniel Ahlberg (Oct 01)