-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:192 http://www.mandriva.com/security/ _______________________________________________________________________ Package : mplayer Date : October 1, 2007 Affected: 2007.0, 2007.1 _______________________________________________________________________ Problem Description: A heap-based buffer overflow was found in MPlayer's AVI handling that could allow a remote attacker to cause a denial of service or possibly execute arbitrary code via a crafted .avi file. Updated packages have been patched to prevent this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4938 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 664764460655f8fa3ffe837fe1c753c4 2007.0/i586/libdha1.0-1.0-1.pre8.13.5mdv2007.0.i586.rpm 92e7649f53c13651062b76f33b093f16 2007.0/i586/mencoder-1.0-1.pre8.13.5mdv2007.0.i586.rpm ea399734d197db1b88a8706ad9bf855a 2007.0/i586/mplayer-1.0-1.pre8.13.5mdv2007.0.i586.rpm 9d751d448cf399915dc11233f291bed5 2007.0/i586/mplayer-gui-1.0-1.pre8.13.5mdv2007.0.i586.rpm c015287479e38ccf22e271b3e97cc3ac 2007.0/SRPMS/mplayer-1.0-1.pre8.13.5mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: a841c634484003178dbe3edcf04250fb 2007.0/x86_64/mencoder-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm 0c59b24ecd8977087b546ad373b5c556 2007.0/x86_64/mplayer-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm 8a9e6cd4f9b438470a08f770a6f3faca 2007.0/x86_64/mplayer-gui-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm c015287479e38ccf22e271b3e97cc3ac 2007.0/SRPMS/mplayer-1.0-1.pre8.13.5mdv2007.0.src.rpm Mandriva Linux 2007.1: 1f9dba71ed8296072bbb29a276b24349 2007.1/i586/libdha1.0-1.0-1.rc1.11.3mdv2007.1.i586.rpm b679aa7cfb01a9173539045c7ae06a42 2007.1/i586/mencoder-1.0-1.rc1.11.3mdv2007.1.i586.rpm 518690338f0b044e2e591f9cc49c3eab 2007.1/i586/mplayer-1.0-1.rc1.11.3mdv2007.1.i586.rpm 54a46f319a936e2e94c833385dc01b92 2007.1/i586/mplayer-doc-1.0-1.rc1.11.3mdv2007.1.i586.rpm bd9470eb57ee6ced6a9e3358d8d47484 2007.1/i586/mplayer-gui-1.0-1.rc1.11.3mdv2007.1.i586.rpm 3e6887feff803bc3a3efe864842e0679 2007.1/SRPMS/mplayer-1.0-1.rc1.11.3mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: af0ee01741af03a7a75b6a5289dbca9d 2007.1/x86_64/mencoder-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm 0e7e5f18937ebd4a050a683da5116e3e 2007.1/x86_64/mplayer-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm 4eeb75257e99b553e90b2c767fce6903 2007.1/x86_64/mplayer-doc-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm 2604e564242de95388b4e543624db4dc 2007.1/x86_64/mplayer-gui-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm 3e6887feff803bc3a3efe864842e0679 2007.1/SRPMS/mplayer-1.0-1.rc1.11.3mdv2007.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHAV4CmqjQ0CJFipgRAhrhAKC9bfRHlSG6+oVGztLTNtG5AfVqgACg21JC obuu0r4eZMhQuLCVAh4l7Ms= =WAef -----END PGP SIGNATURE-----