-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-15
- ------------------------------------------------------------------------
PACKAGE           : media-video/mplayer
SUMMARY           : Buffer Overflow Vulnerability
DATE              : 2003-09-27 21:37 UTC
EXPLOIT           : remote
VERSIONS AFFECTED : <=mplayer-0.91 =mplayer-1.0_pre1
FIXED VERSION     : =mplayer-0.92 =mplayer-1.0_pre1-r1
GENTOO BUG ID     : 29640
CVE               : none that we are aware of at this time
- ------------------------------------------------------------------------

SUMMARY:
A remotely exploitable buffer overflow vulnerability was found in
MPlayer. A malicious host can craft a harmful ASX header and trick
MPlayer into executing arbitrary code upon parsing that header.

Read the full advisory at:
http://www.mplayerhq.hu/homepage/design6/news.html

SOLUTION:
It is recommended that all Gentoo Linux users who are running
media-video/mplayer upgrade to mplayer-0.92 as follows:

emerge sync
emerge =media-video/mplayer-0.92
emerge clean

Additionally, PaX users might want to run /sbin/chpax -m /usr/bin/mplayer

- - - ---------------------------------------------------------------------
solar@g.o
aliz@g.o - GnuPG key is available at http://dev.gentoo.org/~aliz
- - - ---------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/eEA1fT7nyhUpoZMRAtEeAJ9xPIFRQlixCojNLTxXbZnKc3HxogCgtfwE
FxePCaOajma2VGAWpq4YHag=
=75dn
-----END PGP SIGNATURE-----