Gentoo Linux Advisories: net-ftp/proftpd, media-video/mplayer

Sep 29, 2003, 19:51 (0 Talkback[s])

GENTOO LINUX SECURITY ANNOUNCEMENT 200309-16

PACKAGE	:	net-ftp/proftpd
SUMMARY	:	ASCII File Remote Compromise Vulnerability
DATE	:	2003-09-28 00:37 UTC
EXPLOIT	:	remote
VERSIONS AFFECTED	:	<proftpd-1.2.9_rc2
FIXED VERSION	:	=proftpd-1.2.9_rc2
GENTOO BUG ID	:	29452
CVE	:	none that we are aware of at this time

SUMMARY:

ISS X-Force discovered a vulnerability that could be triggered when a specially crafted file is uploaded to a proftpd server.

Read the full advisory at:
http://www.proftpd.org/

SOLUTION:

It is recommended that all Gentoo Linux users who are running net-ftp/proftpd upgrade to proftpd-1.29_rc2 as follows

emerge sync
emerge '>=net-ftp/proftpd-1.2.9_rc2'
emerge clean

solar@gentoo.org
aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz

GENTOO LINUX SECURITY ANNOUNCEMENT 200309-15

PACKAGE	:	media-video/mplayer
SUMMARY	:	Buffer Overflow Vulnerability
DATE	:	2003-09-27 21:37 UTC
EXPLOIT	:	remote
VERSIONS AFFECTED	:	<=mplayer-0.91 =mplayer-1.0_pre1
FIXED VERSION	:	=mplayer-0.92 =mplayer-1.0_pre1-r1
GENTOO BUG ID	:	29640
CVE	:	none that we are aware of at this time

SUMMARY:
A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful ASX header, and trick MPlayer into executing arbitrary code upon parsing that header.

read the full advisory at:
http://www.mplayerhq.hu/homepage/design6/news.html

SOLUTION:

It is recommended that all Gentoo Linux users who are running media-video/mplayer upgrade to mplayer-0.92 as follows

emerge sync
emerge =media-video/mplayer-0.92
emerge clean

Additionally PaX users might want to /sbin/chpax -m /usr/bin/mplayer

solar@gentoo.org
aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz

Top White Papers

Subscribe to Our Daily Newsletter

Current Newswire:

More on LinuxToday

Gentoo Linux Advisories: net-ftp/proftpd, media-video/mplayer