Gentoo Archives: gentoo-announce

From: Sean Amoss <ackle@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201310-13 ] MPlayer: Multiple vulnerabilities
Date: Fri, 25 Oct 2013 19:15:21
Message-Id: 526AC2D4.50008@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201310-13
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: MPlayer: Multiple vulnerabilities
9 Date: October 25, 2013
10 Bugs: #253649, #279342, #339037, #379297, #394809
11 ID: 201310-13
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in MPlayer and the bundled
19 FFmpeg, the worst of which may lead to the execution of arbitrary code.
20
21 Background
22 ==========
23
24 MPlayer is a media player including support for a wide range of audio
25 and video formats.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 media-video/mplayer < 1.1-r1 >= 1.1-r1
34
35 Description
36 ===========
37
38 Multiple vulnerabilities have been discovered in MPlayer and the
39 bundled FFmpeg. Please review the CVE identifiers and FFmpeg GLSA
40 referenced below for details.
41
42 Impact
43 ======
44
45 A remote attacker could entice a user to open a crafted media file to
46 execute arbitrary code or cause a Denial of Service.
47
48 Workaround
49 ==========
50
51 There is no known workaround at this time.
52
53 Resolution
54 ==========
55
56 All MPlayer users should upgrade to the latest version:
57
58 # emerge --sync
59 # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.1-r1"
60
61 References
62 ==========
63
64 [ 1 ] CVE-2007-6718
65 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6718
66 [ 2 ] CVE-2008-4610
67 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4610
68 [ 3 ] CVE-2010-2062
69 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2062
70 [ 4 ] CVE-2010-3429
71 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3429
72 [ 5 ] CVE-2011-3625
73 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3625
74 [ 6 ] FFmpeg: Multiple Vulnerabilities
75 http://security.gentoo.org/glsa/glsa-201310-12.xml
76
77 Availability
78 ============
79
80 This GLSA and any updates to it are available for viewing at
81 the Gentoo Security Website:
82
83 http://security.gentoo.org/glsa/glsa-201310-13.xml
84
85 Concerns?
86 =========
87
88 Security is a primary focus of Gentoo Linux and ensuring the
89 confidentiality and security of our users' machines is of utmost
90 importance to us. Any security concerns should be addressed to
91 security@g.o or alternatively, you may file a bug at
92 https://bugs.gentoo.org.
93
94 License
95 =======
96
97 Copyright 2013 Gentoo Foundation, Inc; referenced text
98 belongs to its owner(s).
99
100 The contents of this document are licensed under the
101 Creative Commons - Attribution / Share Alike license.
102
103 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature