[PLSN-0003] - Remote exploits in MPlayer [LWN.net]

From:		Peachtree Linux Security Team <security-AT-peachtree.burdell.org>
To:		bugtraq-AT-securityfocus.com
Subject:		[PLSN-0003] - Remote exploits in MPlayer
Date:		Thu, 21 Apr 2005 16:50:13 -0400

---------------------------------------------------------------------------
Peachtree Linux Security Notice PLSN-0003
April 20, 2005

Remote buffer overflow and possible code execution in mplayer
http://www.mplayerhq.hu/homepage/design7/news.html#vuln10
http://www.mplayerhq.hu/homepage/design7/news.html#vuln11
---------------------------------------------------------------------------

The following Peachtree Linux releases are affected:

   Peachtre Linux release 1 ("Atlanta")

Description:

   http://www.mplayerhq.hu/homepage/design7/news.html#vuln10:
   A buffer overflow vulnerability exists in the RTSP stream module,
   which could allow a malicious RealMedia server to execute arbitrary
   code.

   http://www.mplayerhq.hu/homepage/design7/news.html#vuln11:
   A buffer overflow vulnerability exists in the MMST stream module,
   which could allow malicious servers of MMS or TCP streams to execute
   arbitrary code.

Packages:

   alpha
      MPlayer did not ship in rel1 for Alpha.  Alpha is not affected by this
      vulnerability, and therefore no update is provided.

   i386
      4e71851034e4263a12f9000bdc3c461e  mplayer-1.0pre7.i686.dist

   ppc
      901e0de5cc04cdddf94ff1cad9521776  mplayer-1.0pre7.ppc.dist

Solution:

   Download the appropriate package for your release of Peachtree Linux.
   Upgrade your system to the new package:

      distadd -u packagename

   Where package name is the name of the package file from the list above.

-- 
Peachtree Linux Security Team
http://peachtree.burdell.org/

(Log in to post comments)