Date: Thu, 21 Apr 2005 16:50:13 -0400
From: Peachtree Linux Security Team <security@peachtree.burdell.org.>
To: [email protected]Subject: [PLSN-0003] - Remote exploits in MPlayer
Message-ID: <20050421205013.GA20753@kevlar.burdell.org.>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="lrZ03NoBR/3+SXJZ"
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
X-Virus-Scanned: antivirus-gw at tyumen.ru
--lrZ03NoBR/3+SXJZ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
---------------------------------------------------------------------------
Peachtree Linux Security Notice PLSN-0003
April 20, 2005
Remote buffer overflow and possible code execution in mplayer
http://www.mplayerhq.hu/homepage/design7/news.html#vuln10
http://www.mplayerhq.hu/homepage/design7/news.html#vuln11
---------------------------------------------------------------------------
The following Peachtree Linux releases are affected:
Peachtre Linux release 1 ("Atlanta")
Description:
http://www.mplayerhq.hu/homepage/design7/news.html#vuln10:
A buffer overflow vulnerability exists in the RTSP stream module,
which could allow a malicious RealMedia server to execute arbitrary
code.
http://www.mplayerhq.hu/homepage/design7/news.html#vuln11:
A buffer overflow vulnerability exists in the MMST stream module,
which could allow malicious servers of MMS or TCP streams to execute
arbitrary code.
Packages:
alpha
MPlayer did not ship in rel1 for Alpha. Alpha is not affected by this
vulnerability, and therefore no update is provided.
i386
4e71851034e4263a12f9000bdc3c461e mplayer-1.0pre7.i686.dist
ppc
901e0de5cc04cdddf94ff1cad9521776 mplayer-1.0pre7.ppc.dist
Solution:
Download the appropriate package for your release of Peachtree Linux.
Upgrade your system to the new package:
distadd -u packagename
Where package name is the name of the package file from the list above.
--=20
Peachtree Linux Security Team
http://peachtree.burdell.org/
--lrZ03NoBR/3+SXJZ
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCaBIFnchtWYh7oqQRAtTDAJ4sttU2uVOxqi+QcuahLnwIQycZQQCfZ5E9
C0+Yy2yeCVArseGJfaXvtTw=
=QYGk
-----END PGP SIGNATURE-----
--lrZ03NoBR/3+SXJZ--