Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Gentoo Media-Video/MPlayer Remote Exploit: 200309-15 Severe Buffer Overflow

gentoo
Calendar Grey September 29, 2003
Dist Gentoo Esm H88
To tackle the remote buffer overflow vulnerability in MPlayer, enhance Gentoo system security by updating the media-video/mplayer package to the latest version
A remotely exploitable buffer overflow vulnerability was found in MPlayer

Summary


- ------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-15
- ------------------------------------------------------------------------
    FIXED VERSION : =mplayer-0.92 =mplayer-1.0_pre1-r1
    GENTOO BUG ID : 29640
- ------------------------------------------------------------------------
SUMMARY:
 A remotely exploitable buffer overflow vulnerability was found in
 MPlayer. A malicious host can craft a harmful ASX header, and trick
 MPlayer into executing arbitrary code upon parsing that header.

read the full advisory at:

SOLUTION:
It is recommended that all Gentoo Linux users who are running media-video/mplayer upgrade to mplayer-0.92 as follows
emerge sync emerge =media-video/mplayer-0.92 emerge clean
Additionally PaX users might want to /sbin/chpax -m /usr/bin/mplayer
solar@gentoo.org aliz@gentoo.org - GnuPG key is available at

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
critical
Lowest
Low
Medium
High
Critical

PACKAGE : media-video/mplayer
SUMMARY : Buffer Overflow Vulnerability
DATE : 2003-09-27 21:37 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <=mplayer-0.91 =mplayer-1.0_pre1
CVE : none that we are aware of at this time

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround