Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 4 articles for you...
197

Debian 10 Buster DLA-3256-1 Severe: MPlayer Memory Leak Patch

Several issues have been found in mplayer, a movie player for Unix-like systems. They are basically related to buffer overflows, divide by zero or out of . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3255-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Thorsten Alteholz December 31, 2022 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : mplayer Version : 2:1.3.0-8+deb10u1 CVE ID : CVE-2022-38850 CVE-2022-38851 CVE-2022-38855 CVE-2022-38858 CVE-2022-38860 CVE-2022-38861 CVE-2022-38863 CVE-2022-38864 CVE-2022-38865 CVE-2022-38866 Several issues have been found in mplayer, a movie player for Unix-like systems. They are basically related to buffer overflows, divide by zero or out of bounds read in different parts of the code. For Debian 10 buster, these problems have been fixed in version 2:1.3.0-8+deb10u1. We recommend that you upgrade your mplayer packages. For the detailed security status of mplayer please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/mplayer Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS Notice DLA-3256-1 tackles urgent VLC vulnerabilities, notably buffer overruns. Immediate update advised.. Debian LTS, MPlayer Update, Buffer Overflow Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Dec 31, 2022 Critical Debian LTS
198

Arch Linux ASA-201605-11 Medium: Mplayer Denial Of Service

The package mplayer before version 37857-1 is vulnerable to denial of service. . Arch Linux Security Advisory ASA-201605-11 ========================================= Severity: Medium Date : 2016-05-07 CVE-ID : CVE-2016-4352 Package : mplayer Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package mplayer before version 37857-1 is vulnerable to denial of service. Resolution ========= Upgrade to 37857-1. # pacman -Syu "mplayer> =37857-1" The problem has been fixed upstream in version 37857. Workaround ========= None. Description ========== A vulnerability has been discovered that is leading to a crash when playing a fuzzed gif file. The gif demuxes assumed in many places that width*height is

Calendar%202 May 07, 2016 Medium ArchLinux
99

Slackware: 2023-045-01 Important: VLC Media Player Security Update

New MPlayer packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] MPlayer (SSA:2016-034-02) New MPlayer packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/MPlayer-1.2_20160125-i486-1_slack14.1.txz: Upgraded. This is the latest MPlayer-1.2 branch, identical to the 1.2.1 stable release. The bundled ffmpeg has been upgraded to 2.8.5, which fixes two security issues by which a remote attacker may conduct a cross-origin attack and read arbitrary files on the system. For more information, see: https://www.cve.org/CVERecord?id=CVE-2016-1897 https://www.cve.org/CVERecord?id=CVE-2016-1898 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/MPlayer-1.2_20160125-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/MPlayer-1.2_20160125-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/MPlayer-1.2_20160125-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/MPlayer-1.2_20160125-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/MPlayer-1.2_20160125-i486-1_slack13.37.txz Updated package forSlackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/MPlayer-1.2_20160125-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/MPlayer-1.2_20160125-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/MPlayer-1.2_20160125-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/MPlayer-1.2_20160125-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/MPlayer-1.2_20160125-x86_64-1_slack14.1.txz Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 13.0 package: ae6fb26d324d92424d7a2c916ad3db5c MPlayer-1.2_20160125-i486-1_slack13.0.txz Slackware x86_64 13.0 package: 829a450e5e3e210900285362f89d4d20 MPlayer-1.2_20160125-x86_64-1_slack13.0.txz Slackware 13.1 package: 47180e392294fdc4af5c7bb0b3726bd1 MPlayer-1.2_20160125-i486-1_slack13.1.txz Slackware x86_64 13.1 package: 2b46c4fc104775fda7fb66dc5e4c9fab MPlayer-1.2_20160125-x86_64-1_slack13.1.txz Slackware 13.37 package: 555698c9f7e19698d11af54c30010420 MPlayer-1.2_20160125-i486-1_slack13.37.txz Slackware x86_64 13.37 package: e838620fff3b7897c4abf400b7d6cc44 MPlayer-1.2_20160125-x86_64-1_slack13.37.txz Slackware 14.0 package: 4a553ffaa10ab8449cf57290044710d7 MPlayer-1.2_20160125-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 3af17776a3215a2e29cce431a2d09529 MPlayer-1.2_20160125-x86_64-1_slack14.0.txz Slackware 14.1 package: 5f3162bcdb712761405a6c12425de3a8 MPlayer-1.2_20160125-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 6877204e82bc69b766956a8e7cc2f8e5 MPlayer-1.2_20160125-x86_64-1_slack14.1.txz Slackware -current package: 270a1cf094a3175084f99fa13a2de51e xap/MPlayer-1.2_20160125-i586-1.txz Slackware x86_64 -current package: c24b4bd9c2c206f58f512cf113ad9d79 xap/MPlayer-1.2_20160125-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg MPlayer-1.2_20160125-i486-1_slack14.1.txz +-----+ . MPlayer security patch released for various Slackware versions addressing urgent vulnerabilities. Refer to the specifics and installation guidance.. MPlayer Security Update, Slackware Packages, Remote Exploit Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 04, 2016 Important Slackware
87

Debian 5.0 DSA-2044-1 Critical: MPlayer Integer Underflow Threat

tixxDZ (DZCORE labs) discovered a vulnerability in the mplayer movie player. Missing data validation in mplayer's real data transport (RDT) implementation enable an integer underflow and consequently an unbounded buffer operation. A maliciously crafted stream could thus enable an . - ------------------------------------------------------------------------ Debian Security Advisory DSA-2044-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Devin Carraway May 11, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : mplayer Vulnerability : integer overflow Problem type : local (remote) Debian-specific: no tixxDZ (DZCORE labs) discovered a vulnerability in the mplayer movie player. Missing data validation in mplayer's real data transport (RDT) implementation enable an integer underflow and consequently an unbounded buffer operation. A maliciously crafted stream could thus enable an attacker to execute arbitrary code. No Common Vulnerabilities and Exposures project identifier is available for this issue. For the stable distribution (lenny), this problem has been fixed in version 1.0~rc2-17+lenny3.2. We recommend that you upgrade your mplayer packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: Size/MD5checksum: 2108 9ca97232aaa217afe30aef9800fdde5b Size/MD5 checksum: 360178 0cc960471e6ec0348456c014c774d941 Size/MD5 checksum: 11727998 f1da15bc4accee0a5551928e31d7b779 Architecture independent packages: Size/MD5 checksum: 2462986 7cc9feae37dfc8b1be944894a9891689 alpha architecture (DEC Alpha) Size/MD5 checksum: 3236612 5481602134b6af1771014eb7421de776 Size/MD5 checksum: 2233470 f033d746bfcd34cd209881b0331ef76f amd64 architecture (AMD x86_64 (AMD64)) Size/MD5 checksum: 3034790 7a9f3b0f603f127a59d9b0f1809b824f Size/MD5 checksum: 2281646 44731cb89ba3b80811d38cebc1172a5c arm architecture (ARM) Size/MD5 checksum: 2705438 76a8e88ec753cebda6fb72b6906b5a14 Size/MD5 checksum: 1977840 e6911242b55c4b5e906f433509491f99 hppa architecture (HP PA RISC) Size/MD5 checksum: 2052866 ca07a7fa2a1d81132457b3a2ae2f8223 Size/MD5 checksum: 2896686 a47fda1190c2460980aef76ea297f0bd i386 architecture (Intel ia32) Size/MD5 checksum: 2370060 38e7272ca5582496be4a2f60f627f4b0 Size/MD5 checksum: 3032114 fa1a9d2c47430dadc81bd41ab6620cd2 ia64 architecture (Intel ia64) Size/MD5 checksum: 2056822 333d96f89bdf9d180c411501d952299e Size/MD5 checksum: 3580016 ea7ae7ac0e7837cec6b1bc4be405eef0 mips architecture (MIPS (Big Endian)) Size/MD5 checksum: 2847092 9b8f943f84c5c60eea7d20ad0ebf0826 Size/MD5 checksum: 2120824 00788d698af99aad978503ea23bdd8b3 mipsel architecture (MIPS (Little Endian)) Size/MD5 checksum: 2064680 ff215968a214023be4dbb3875554c72b Size/MD5 checksum: 2840214 003e55d7e3c6b127a41b16ab99f09c43 powerpc architecture (PowerPC) Size/MD5 checksum: 1991722 a94b911fecf6f37d14d5de2d1fe9a0ed Size/MD5 checksum: 2867096 b6e68c0ff32e3974b0c84726ce57e215 s390 architecture (IBM S/390) Size/MD5 checksum: 2128050 b4075e1fb1350e32061cf5635b9b9556 Size/MD5 checksum: 2779844 b14c2c35e7287400b7c92f83b957061d sparc architecture (Sun SPARC/UltraSPARC) Size/MD5 checksum: 1898760 cbb824eafc9af867275f4abffbc89cd7 Size/MD5 checksum: 2688394 52c4508095e92e4e30b8a3d5da56b1fe These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages . The advisory DSA-2044-1 for Debian identifies a critical integer underflow vulnerability in mplayer, which could potentially allow attackers to execute arbitrary code.. Debian Security, MPlayer Advisory, Code Execution Risk. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 11, 2010 Critical Debian
87

Debian: DSA-1782-1 Critical: Mplayer Arbitrary Code Execution

Several vulnerabilities have been discovered in mplayer, a movie player for Unix-like systems. The Common Vulnerabilities and Exposures project identifies the following problems: . - ------------------------------------------------------------------------ Debian Security Advisory DSA-1782-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Steffen Joeris April 29, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : mplayer Vulnerability : several vulnerabilities Problem type : local (remote) Debian-specific: no CVE Ids : CVE-2009-0385 CVE-2008-4866 CVE-2008-5616 Debian Bug : 508803 Several vulnerabilities have been discovered in mplayer, a movie player for Unix-like systems. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0385 It was discovered that watching a malformed 4X movie file could lead to the execution of arbitrary code. CVE-2008-4866 It was discovered that multiple buffer overflows could lead to the execution of arbitrary code. CVE-2008-5616 It was discovered that watching a malformed TwinVQ file could lead to the execution of arbitrary code. For the oldstable distribution (etch), these problems have been fixed in version 1.0~rc1-12etch7. For the stable distribution (lenny), mplayer links against ffmpeg-debian. For the testing distribution (squeeze) and the unstable distribution (sid), mplayer links against ffmpeg-debian. We recommend that you upgrade your mplayer packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources fromthe footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: Size/MD5 checksum: 10286260 815482129b79cb9390904b145c5def6c Size/MD5 checksum: 1273 e7c9ad9e2551b52efa5a3cdb8fd35d2c Size/MD5 checksum: 84770 d76ad6ec6787686da78803aa1adf9059 Architecture independent packages: Size/MD5 checksum: 2044098 fd2f11f26dc0ec4ded4328e0b4d3e47e alpha architecture (DEC Alpha) Size/MD5 checksum: 4708256 97d33072d97c242841e1c9667832e848 amd64 architecture (AMD x86_64 (AMD64)) Size/MD5 checksum: 4383304 372b7f9d647f686a158147e40c48a26f arm architecture (ARM) Size/MD5 checksum: 4327022 0b7f858f1f13d191f91b58637722a4f2 hppa architecture (HP PA RISC) Size/MD5 checksum: 4384738 38aea3a449804561c3534f252223f099 i386 architecture (Intel ia32) Size/MD5 checksum: 4423484 c28e0b6a9225b90959e694c81de4dd65 ia64 architecture (Intel ia64) Size/MD5 checksum: 5848864 90a731ea1de356a7c5271f6a482ec5bd mips architecture (MIPS (Big Endian)) Size/MD5 checksum: 4275736 268a3dda134988405a5f7cf130623229 powerpc architecture (PowerPC) Size/MD5 checksum: 4342866 3a7287844bd9e5770d0cbc46dfe40d71 s390 architecture (IBM S/390) Size/MD5 checksum: 4167778 34aaa0f7f4e971061b043599fe4c948a sparc architecture (Sun SPARC/UltraSPARC) Size/MD5 checksum: 4039612 63321e82e879daf54fa0ea022f6f657e These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages . Enhance mplayer toaddress several security flaws that may permit unauthorized code execution on Debian platforms. Immediate update advised.. Debian Security,Mplayer Issues,Code Execution Fix,Media Playback Security,Buffer Overflow Threats. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 29, 2009 Critical Debian
91

Gentoo: GLSA-200901-07 Normal: MPlayer Arbitrary Code Execution

Multiple vulnerabilities in MPlayer may lead to the execution of arbitrary code or a Denial of Service.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200901-07:02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: MPlayer: Multiple vulnerabilities Date: January 12, 2009 Updated: January 12, 2009 Bugs: #231836, #239130, #251017 ID: 200901-07:02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities in MPlayer may lead to the execution of arbitrary code or a Denial of Service. Background ========= MPlayer is a media player including support for a wide range of audio and video formats. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mplayer < 1.0_rc2_p28058-r1 > = 1.0_rc2_p28058-r1 Description ========== Multiple vulnerabilities have been reported in MPlayer: * A stack-based buffer overflow was found in the str_read_packet() function in libavformat/psxstr.c when processing crafted STR files that interleave audio and video sectors (CVE-2008-3162). * Felipe Andres Manzano reported multiple integer underflows in the demux_real_fill_buffer() function in demux_real.c when processing crafted Real Media files that cause the stream_read() function to read or write arbitrary memory (CVE-2008-3827). * Tobias Klein reported a stack-based buffer overflow in the demux_open_vqf() function in libmpdemux/demux_vqf.c when processing malformed TwinVQ files (CVE-2008-5616). Impact ===== A remote attacker could entice a user to opena specially crafted STR, Real Media, or TwinVQ file to execute arbitrary code or cause a Denial of Service. Workaround ========= There is no known workaround at this time. Resolution ========= All MPlayer users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-video/mplayer-1.0_rc2_p28058-r1 " References ========= [ 1 ] CVE-2008-3162 https://www.cve.org/CVERecord?id=CVE-2008-3162 [ 2 ] CVE-2008-3827 https://www.cve.org/CVERecord?id=CVE-2008-3827 [ 3 ] CVE-2008-5616 https://www.cve.org/CVERecord?id=CVE-2008-5616 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200901-07 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Several security flaws in VLC media player can enable attackers to run unauthorized code or cause a Denial of Service.. MPlayer Vulnerabilities,Gentoo Advisory,Media Player Security,Code Execution. . LinuxSecurity.com Team

Calendar%202 Jan 12, 2009 Gentoo
87

Debian 4.0: DSA 1313-1 Critical: MPlayer Buffer Overflow Risk

Stefan Cornelius and Reimar Doeffinger discovered that the MPlayer movie player performs insufficient boundary checks when accessing CDDB data, which might lead to the execution of arbitrary code.. - --------------------------------------------------------------------------Debian Security Advisory DSA 1313-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Moritz Muehlenhoff June 19th, 2007 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : mplayer Vulnerability : buffer overflow Problem-Type : remote Debian-specific: no CVE ID : CVE-2007-2948 Stefan Cornelius and Reimar Doeffinger discovered that the MPlayer movie player performs insufficient boundary checks when accessing CDDB data, which might lead to the execution of arbitrary code. The oldstable distribution (sarge) doesn't include MPlayer packages. For the stable distribution (etch) this problem has been fixed in version 1.0~rc1-12etch1. For the unstable distribution (sid) this problem has been fixed in version 1.0~rc1-14. We recommend that you upgrade your mplayer package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: Size/MD5 checksum: 1265 6d0b64ba23476545f12d569535d32b13 Size/MD5 checksum: 84073 3408d0ce7dd69254e4478bb3131656e5 Size/MD5 checksum: 10286260 815482129b79cb9390904b145c5def6c Architecture independentcomponents: Size/MD5 checksum: 2048072 82908ef42c42b0afbcd120f26d979b7d Alpha architecture: Size/MD5 checksum: 4705284 469cef81b7b33e3e685357e65aae8206 AMD64 architecture: Size/MD5 checksum: 4373766 d10104203e02ea2dd261175182e2490b ARM architecture: Size/MD5 checksum: 4325882 3b11a9419811afee20430d7ea0aec792 HP Precision architecture: Size/MD5 checksum: 4383252 70286fae370f01d4749305f2b8240362 Intel IA-32 architecture: Size/MD5 checksum: 4421296 14dd476d508436d0307573082ae00913 Intel IA-64 architecture: Size/MD5 checksum: 5841084 c89e50a887abf7d5bf9d351459b57346 Big endian MIPS architecture: Size/MD5 checksum: 4274962 e0038a856d692f37da6b721065abace2 Little endian MIPS architecture: Size/MD5 checksum: 4278448 129388e3f9f1046189d1a0cd6725a3e1 PowerPC architecture: Size/MD5 checksum: 4341660 64cedae430b777fb0521c2f934203780 IBM S/390 architecture: Size/MD5 checksum: 4162858 80507ecf4866899227edf86e2557ca88 Sun Sparc architecture: Size/MD5 checksum: 4037328 44b1191fbc3702f0b72d54e58bbb68ac These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Enhance VLC components to mitigate potential exploitation stemming from stack overflow vulnerabilities. Ensure your safety!. MPlayer Security Update, Debian Buffer Overflow, Arbitrary Code Execution. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 29, 2007 Critical Debian
91

Gentoo: 200702-11 Normal: MPlayer Buffer Overflow Leading To DoS

A buffer overflow was found in MPlayer's RTSP plugin that could lead to a Denial of Service or arbitrary code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200702-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: MPlayer: Buffer overflow Date: February 27, 2007 Bugs: #159727 ID: 200702-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A buffer overflow was found in MPlayer's RTSP plugin that could lead to a Denial of Service or arbitrary code execution. Background ========= MPlayer is a media player capable of playing multiple media formats. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-video/mplayer < 1.0_rc1-r2 > = 1.0_rc1-r2 Description ========== When checking for matching asm rules in the asmrp.c code, the results are stored in a fixed-size array without boundary checks which may allow a buffer overflow. Impact ===== An attacker can entice a user to connect to a manipulated RTSP server resulting in a Denial of Service and possibly execution of arbitrary code. Workaround ========= There is no known workaround at this time. Resolution ========= All MPlayer users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-video/mplayer-1.0_rc1-r2" References ========= [ 1 ] Original Advisory http://www.mplayerhq.hu/design7/news.html#vuln14 [ 2 ] CVE-2006-6172 https://www.cve.org/CVERecord?id=CVE-2006-6172 Availability =========== This GLSA andany updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200702-11 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Familiarize yourself with Gentoo's security notification concerning a buffer overflow vulnerability in MPlayer that poses potential threats to system integrity.. Gentoo Security, MPlayer Overflow, Denial of Service Issue, Media Player Security, Buffer Overflow Risk. . LinuxSecurity.com Team

Calendar%202 Feb 27, 2007 Gentoo
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200