User: Password:
Subscribe / Log in / New account

Mageia alert MGASA-2012-0141 (mplayer)

From:  Mageia Updates <>
Subject:  [updates-announce] MGASA-2012-0141: mplayer-1.0-1.rc4.0.r32713.5.4.mga1 (1/core, tainted)
Date:  Mon, 9 Jul 2012 16:22:13 +0200
Message-ID:  <>
Archive-link:  Article, Thread

MGASA-2012-0141 Date: July 9th, 2012 Affected releases: 1 Description: Updated mplayer packages fix security vulnerabilities: nsvdec: Fix use of uninitialized streams, Be more careful with av_malloc(), nsvdec: Propagate errors (CVE-2011-3940) dv: Fix small stack overread, check stype, Fix null pointer dereference due to ach=0 (CVE-2011-3929 and CVE-2011-3936) atrac3: Fix crash in tonal component decoding (CVE-2012-0853) mjpegbdec: Fix overflow in SOS (CVE-2011-3947) kgv1dec: Increase offsets array size so it is large enough (CVE-2011-3945) vqavideo: return error if image size is not a multiple of block size (CVE-2012-0947) dpcm: ignore extra unpaired bytes in stereo streams (CVE-2011-3951) aacsbr: prevent out of bounds memcpy() (CVE-2012-0850) h264: Add check for invalid chroma_format_idc (CVE-2012-0851) adpcm: ADPCM Electronic Arts has always two channels (CVE-2012-0852) shorten: Use separate pointers for the allocated memory for decoded samples, check for realloc failure (CVE-2012-0858) kmvc: Check palsize (CVE-2011-3952) Updated Packages: mplayer-1.0-1.rc4.0.r32713.5.4.mga1 mplayer-doc-1.0-1.rc4.0.r32713.5.4.mga1 mplayer-gui-1.0-1.rc4.0.r32713.5.4.mga1 mencoder-1.0-1.rc4.0.r32713.5.4.mga1 References:

(Log in to post comments)

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds