Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Date: Fri, 22 Apr 2005 09:53:18 -0400
From: Peachtree Linux Security Team <security@peachtree.burdell.org.>
To: [email protected]
Subject: [PLSN-0003] - Remote exploits in mplayer
Message-ID: <20050422135318.GA10018@kevlar.burdell.org.>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="WIyZ46R2i8wDzkSu"
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
X-Virus-Scanned: antivirus-gw at tyumen.ru


--WIyZ46R2i8wDzkSu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

---------------------------------------------------------------------------
Peachtree Linux Security Notice PLSN-0003
April 20, 2005

Remote buffer overflow and possible code execution in mplayer
http://www.mplayerhq.hu/homepage/design7/news.html#vuln10
http://www.mplayerhq.hu/homepage/design7/news.html#vuln11
---------------------------------------------------------------------------

The following Peachtree Linux releases are affected:

   Peachtre Linux release 1 ("Atlanta")

Description:

   http://www.mplayerhq.hu/homepage/design7/news.html#vuln10:
   A buffer overflow vulnerability exists in the RTSP stream module,
   which could allow a malicious RealMedia server to execute arbitrary
   code.

   http://www.mplayerhq.hu/homepage/design7/news.html#vuln11:
   A buffer overflow vulnerability exists in the MMST stream module,
   which could allow malicious servers of MMS or TCP streams to execute
   arbitrary code.

Packages:

   alpha
      MPlayer did not ship in rel1 for Alpha.  Alpha is not affected by this
      vulnerability, and therefore no update is provided.

   i386
      4e71851034e4263a12f9000bdc3c461e  mplayer-1.0pre7.i686.dist

   ppc
      901e0de5cc04cdddf94ff1cad9521776  mplayer-1.0pre7.ppc.dist

Solution:

   Download the appropriate package for your release of Peachtree Linux.
   Upgrade your system to the new package:

      distadd -u packagename

   Where package name is the name of the package file from the list above.

--=20
Peachtree Linux Security Team
http://peachtree.burdell.org/

--WIyZ46R2i8wDzkSu
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCaQHOnchtWYh7oqQRAhIPAKCQ9woLZrLu4OKn//u2YBhmltVoYgCgmuDX
mAxXh0BvwK3BgT4PBS+Z6v4=
=D+gY
-----END PGP SIGNATURE-----

--WIyZ46R2i8wDzkSu--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Партнёры:

Хостинг: