Mandrakelinux Security Update Advisory
Package name: mplayer
Advisory ID: MDKSA-2004:026
Date: April 5th, 2004
Affected versions: 10.0, 9.2
Problem Description:
A remotely exploitable buffer overflow vulnerability was found
in MPlayer. A malicious host can craft a harmful HTTP header
(“Location:”), and trick MPlayer into executing arbitrary code upon
parsing that header.
The updated packages contain a patch from the MPlayer
development team to correct the problem.
References:
http://www.mplayerhq.hu/homepage/design6/news.html
Updated Packages:
Mandrakelinux 10.0:
134aa1652ff5325837ee0d1dd7062b2f
10.0/RPMS/libdha0.1-1.0-0.pre3.13.100mdk.i586.rpm
59d793c4ee7906121ad4c5847d8c48e5
10.0/RPMS/libpostproc0-1.0-0.pre3.13.100mdk.i586.rpm
379cfc3fca85254dc9e02e7dcfe3b8a5
10.0/RPMS/libpostproc0-devel-1.0-0.pre3.13.100mdk.i586.rpm
3255b8d6b3c07ab7e850291ccf448be4
10.0/RPMS/mencoder-1.0-0.pre3.13.100mdk.i586.rpm
8d9d2d1acdc13f45bf4145d57d2d8279
10.0/RPMS/mplayer-1.0-0.pre3.13.100mdk.i586.rpm
0326d955c0bd11c1f108c25bd6afec7c
10.0/RPMS/mplayer-gui-1.0-0.pre3.13.100mdk.i586.rpm
911e55e683df88c41df9ef9f2b09493f
10.0/SRPMS/mplayer-1.0-0.pre3.13.100mdk.src.rpm
Mandrakelinux 9.2:
d2335a0b3a0309a109db619a3c1247cd
9.2/RPMS/libdha0.1-0.91-8.2.92mdk.i586.rpm
3f739b2b8da578eec51d6c470d016861
9.2/RPMS/libpostproc0-0.91-8.2.92mdk.i586.rpm
bea49f0df30a6fc90c08ce7de955ad51
9.2/RPMS/libpostproc0-devel-0.91-8.2.92mdk.i586.rpm
fc157454aebde5fc4b40688c920987ff
9.2/RPMS/mencoder-0.91-8.2.92mdk.i586.rpm
ab6cbd8a28a845d714f5e572dadbd52b
9.2/RPMS/mplayer-0.91-8.2.92mdk.i586.rpm
18f43c4247b164f9c11dd2a70ab707c5
9.2/RPMS/mplayer-gui-0.91-8.2.92mdk.i586.rpm
f930e2754ab5d7e284a71f5a9f40cc38
9.2/SRPMS/mplayer-0.91-8.2.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
b48538a9d9183d02d57b21b4b4fa1b02
amd64/9.2/RPMS/lib64postproc0-0.91-8.2.92mdk.amd64.rpm
19b0ae1cc45534f2b389059a64fde38c
amd64/9.2/RPMS/lib64postproc0-devel-0.91-8.2.92mdk.amd64.rpm
ec3be0bf7521721acf91f863d5af8bbc
amd64/9.2/RPMS/mencoder-0.91-8.2.92mdk.amd64.rpm
184a24f4121e7999cc650cb99f18e935
amd64/9.2/RPMS/mplayer-0.91-8.2.92mdk.amd64.rpm
e75f2c67e14004edaa204968ad92a134
amd64/9.2/RPMS/mplayer-gui-0.91-8.2.92mdk.amd64.rpm
f930e2754ab5d7e284a71f5a9f40cc38
amd64/9.2/SRPMS/mplayer-0.91-8.2.92mdk.src.rpm
To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by Mandrakesoft for security. You can
obtain the GPG public key of the Mandrakelinux Security Team by
executing:
gpg –recv-keys –keyserver www.mandrakesecure.net
0x22458A98
Please be aware that sometimes it takes the mirrors a few hours
to update.
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesecure.net/en/advisories/
Mandrakesoft has several security-related mailing list services
that anyone can subscribe to. Information on these lists can be
obtained by visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>