Mandrakelinux Security Update Advisory
Package name: mplayer
Advisory ID: MDKSA-2004:026
Date: April 5th, 2004
Affected versions: 10.0, 9.2
Problem Description:
A remotely exploitable buffer overflow vulnerability was found
in MPlayer. A malicious host can craft a harmful HTTP header
(“Location:”), and trick MPlayer into executing arbitrary code upon
parsing that header.
The updated packages contain a patch from the MPlayer
development team to correct the problem.
References:
http://www.mplayerhq.hu/homepage/design6/news.html
Updated Packages:
Mandrakelinux 10.0:
134aa1652ff5325837ee0d1dd7062b2f
10.0/RPMS/libdha0.1-1.0-0.pre3.13.100mdk.i586.rpm
59d793c4ee7906121ad4c5847d8c48e5
10.0/RPMS/libpostproc0-1.0-0.pre3.13.100mdk.i586.rpm
379cfc3fca85254dc9e02e7dcfe3b8a5
10.0/RPMS/libpostproc0-devel-1.0-0.pre3.13.100mdk.i586.rpm
3255b8d6b3c07ab7e850291ccf448be4
10.0/RPMS/mencoder-1.0-0.pre3.13.100mdk.i586.rpm
8d9d2d1acdc13f45bf4145d57d2d8279
10.0/RPMS/mplayer-1.0-0.pre3.13.100mdk.i586.rpm
0326d955c0bd11c1f108c25bd6afec7c
10.0/RPMS/mplayer-gui-1.0-0.pre3.13.100mdk.i586.rpm
911e55e683df88c41df9ef9f2b09493f
10.0/SRPMS/mplayer-1.0-0.pre3.13.100mdk.src.rpm
Mandrakelinux 9.2:
d2335a0b3a0309a109db619a3c1247cd
9.2/RPMS/libdha0.1-0.91-8.2.92mdk.i586.rpm
3f739b2b8da578eec51d6c470d016861
9.2/RPMS/libpostproc0-0.91-8.2.92mdk.i586.rpm
bea49f0df30a6fc90c08ce7de955ad51
9.2/RPMS/libpostproc0-devel-0.91-8.2.92mdk.i586.rpm
fc157454aebde5fc4b40688c920987ff
9.2/RPMS/mencoder-0.91-8.2.92mdk.i586.rpm
ab6cbd8a28a845d714f5e572dadbd52b
9.2/RPMS/mplayer-0.91-8.2.92mdk.i586.rpm
18f43c4247b164f9c11dd2a70ab707c5
9.2/RPMS/mplayer-gui-0.91-8.2.92mdk.i586.rpm
f930e2754ab5d7e284a71f5a9f40cc38
9.2/SRPMS/mplayer-0.91-8.2.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
b48538a9d9183d02d57b21b4b4fa1b02
amd64/9.2/RPMS/lib64postproc0-0.91-8.2.92mdk.amd64.rpm
19b0ae1cc45534f2b389059a64fde38c
amd64/9.2/RPMS/lib64postproc0-devel-0.91-8.2.92mdk.amd64.rpm
ec3be0bf7521721acf91f863d5af8bbc
amd64/9.2/RPMS/mencoder-0.91-8.2.92mdk.amd64.rpm
184a24f4121e7999cc650cb99f18e935
amd64/9.2/RPMS/mplayer-0.91-8.2.92mdk.amd64.rpm
e75f2c67e14004edaa204968ad92a134
amd64/9.2/RPMS/mplayer-gui-0.91-8.2.92mdk.amd64.rpm
f930e2754ab5d7e284a71f5a9f40cc38
amd64/9.2/SRPMS/mplayer-0.91-8.2.92mdk.src.rpm
To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by Mandrakesoft for security. You can
obtain the GPG public key of the Mandrakelinux Security Team by
executing:
gpg –recv-keys –keyserver www.mandrakesecure.net
0x22458A98
Please be aware that sometimes it takes the mirrors a few hours
to update.
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesecure.net/en/advisories/
Mandrakesoft has several security-related mailing list services
that anyone can subscribe to. Information on these lists can be
obtained by visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.