FrSIRT - Mandriva Security Update Fixes Mplayer Buffer Overflow Vulnerabilities / Exploit

French Security Incident Response Team

Français

English

Mandriva Security Update Fixes Mplayer Buffer Overflow Vulnerabilities

Date de Publication : 2008-02-15 © FrSIRT.COM
Titre : Mandriva Security Update Fixes Mplayer Buffer Overflow Vulnerabilities
Identifiant : FrSIRT/AVIS-2008-0561
CVE : GENERIC-MAP-NOMATCH
Risque : Critique (4/4) -

Exploitable à distance : Oui
Exploitable en local : Oui

En savoir plus

Description

Produits affectés

Solution

Références

Description Technique

Plusieurs vulnérabilités ont été identifiées dans Mandriva, elles pourraient être exploitées par des attaquants afin de causer un déni de service ou compromettre un système vulnérable [...]

Solution

Installer les mises à jour :

Mandriva Linux 2007.1:
bc4d94bebd6e6d3f5ae8939c2a6eae17 2007.1/i586/libdha1.0-1.0-1.rc1.11.5mdv2007.1.i586.rpm
7b01d664225bcb1bd474dfd97d3e50a3 2007.1/i586/mencoder-1.0-1.rc1.11.5mdv2007.1.i586.rpm
b1258431ee88be325c9c407b0ae238ae 2007.1/i586/mplayer-1.0-1.rc1.11.5mdv2007.1.i586.rpm
9ac91fe253b625a24f03613912eaf905 2007.1/i586/mplayer-doc-1.0-1.rc1.11.5mdv2007.1.i586.rpm
e674dc2f80cfb01a3d58e1f323bf028e 2007.1/i586/mplayer-gui-1.0-1.rc1.11.5mdv2007.1.i586.rpm
f6c93fbb2298603dcadfcc199e920f4c 2007.1/SRPMS/mplayer-1.0-1.rc1.11.5mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
8e8356ef4f1d82350b2ec4603e9c97ab 2007.1/x86_64/mencoder-1.0-1.rc1.11.5mdv2007.1.x86_64.rpm
24cbb105fc1b2d538a291635af1175f5 2007.1/x86_64/mplayer-1.0-1.rc1.11.5mdv2007.1.x86_64.rpm
270d9a22d97b311808be80b25b9e0d46 2007.1/x86_64/mplayer-doc-1.0-1.rc1.11.5mdv2007.1.x86_64.rpm
b895f7c06b55b182aef4a077f842574f 2007.1/x86_64/mplayer-gui-1.0-1.rc1.11.5mdv2007.1.x86_64.rpm
f6c93fbb2298603dcadfcc199e920f4c 2007.1/SRPMS/mplayer-1.0-1.rc1.11.5mdv2007.1.src.rpm

Mandriva Linux 2008.0:
f58551219080f3ac3893b996276e24e0 2008.0/i586/libdha1.0-1.0-1.rc1.20.2mdv2008.0.i586.rpm
edc7b645e0da4e96761cfb4277f00e3d 2008.0/i586/mencoder-1.0-1.rc1.20.2mdv2008.0.i586.rpm
2b89bc02908f421c2e18771abbb009a0 2008.0/i586/mplayer-1.0-1.rc1.20.2mdv2008.0.i586.rpm
e9ec1a063f1b0f6e63efbfc14c65f95e 2008.0/i586/mplayer-doc-1.0-1.rc1.20.2mdv2008.0.i586.rpm
b43c4c4705f12fad0c612f188b84f3ba 2008.0/i586/mplayer-gui-1.0-1.rc1.20.2mdv2008.0.i586.rpm
5776eb9afddc671d323ca44c8b7d3efb 2008.0/SRPMS/mplayer-1.0-1.rc1.20.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
e5f6acd329239d27ba4e89300d54046d 2008.0/x86_64/mencoder-1.0-1.rc1.20.2mdv2008.0.x86_64.rpm
8af0e97fa75444467bb187ba73f0fa14 2008.0/x86_64/mplayer-1.0-1.rc1.20.2mdv2008.0.x86_64.rpm
3fa2fd143c74b1210bf8d49b22e3996f 2008.0/x86_64/mplayer-doc-1.0-1.rc1.20.2mdv2008.0.x86_64.rpm
fd53467bec0513eab96b672777c5a0c5 2008.0/x86_64/mplayer-gui-1.0-1.rc1.20.2mdv2008.0.x86_64.rpm
5776eb9afddc671d323ca44c8b7d3efb 2008.0/SRPMS/mplayer-1.0-1.rc1.20.2mdv2008.0.src.rpm

Corporate 3.0:
65ce689c4bdc14b5ae19697ea685b469 corporate/3.0/i586/libdha0.1-1.0-0.pre3.14.14.C30mdk.i586.rpm
908d34d7373434280d7e384745f11509 corporate/3.0/i586/libpostproc0-1.0-0.pre3.14.14.C30mdk.i586.rpm
9394b4a56ac7879785ba3ba3b40cf2e4 corporate/3.0/i586/libpostproc0-devel-1.0-0.pre3.14.14.C30mdk.i586.rpm
07b4ed8181c85011191d4536f8972654 corporate/3.0/i586/mencoder-1.0-0.pre3.14.14.C30mdk.i586.rpm
6b9be8b56f7f375c3bba37786e015ce3 corporate/3.0/i586/mplayer-1.0-0.pre3.14.14.C30mdk.i586.rpm
5bb8239d3f5a93bd3b5fb6be9015b99b corporate/3.0/i586/mplayer-gui-1.0-0.pre3.14.14.C30mdk.i586.rpm
dd4f44dc8d0aa181b7ce3c5be006ef21 corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.14.C30mdk.src.rpm

Corporate 3.0/X86_64:
3be2677a831513f23e3c223f2c0b1988 corporate/3.0/x86_64/lib64postproc0-1.0-0.pre3.14.14.C30mdk.x86_64.rpm
ef16b06b058c39529edfdb4904bfa017 corporate/3.0/x86_64/lib64postproc0-devel-1.0-0.pre3.14.14.C30mdk.x86_64.rpm
2c21398a4ca6d86f6bb464b3f4bab6bf corporate/3.0/x86_64/mencoder-1.0-0.pre3.14.14.C30mdk.x86_64.rpm
c9b10c36682298ba5e62ec9509ed5593 corporate/3.0/x86_64/mplayer-1.0-0.pre3.14.14.C30mdk.x86_64.rpm
b6ee8f8919df04406d00b4acf349cd6d corporate/3.0/x86_64/mplayer-gui-1.0-0.pre3.14.14.C30mdk.x86_64.rpm
dd4f44dc8d0aa181b7ce3c5be006ef21 corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.14.C30mdk.src.rpm

Historique

2008-02-15 : Version Initiale

Recevez les bulletins FrSIRT

Le service FrSIRT VNS permet aux professionnels de la sécurité (RSSI, DSI, administrateurs et consultants) de recevoir en temps-réel, par email, SMS et flux RSS/XML, des bulletins de vulnérabilités complets, détaillés et personnalisés.

Recherche

Newsletter

	IBM Lotus Quickr Denial of Service Vulnerabilities
	IBM Tivoli Netcool/Webtop Multiple Security Bypass Vulnerabilities
	IBM WebSphere Application Server Security Exposure Vulnerabilities
	IBM DB2 Universal Database Multiple Denial of Service
	IBM AIX "swcons" Insecure Permission Privilege Escalation Vulnerability
	IBM WebSphere Application Server Cross Site Scripting Vulnerability
	IBM DB2 CLR Stored Procedures Unspecified Vulnerability

	Cisco Unity Security Bypass and Denial of Service
	Cisco UCM SIP Remote Denial of Service
	Cisco IOS Denial of Service Vulnerabilities
	Cisco PIX and ASA Information Disclosure and DoS Vulnerabilities
	Cisco Secure ACS EAP Remote Denial Of Service Vulnerability
	Cisco Products Remote DNS Cache Poisoning Vulnerability
	Cisco Wide Area Application Services CUPS Remote Vulnerability

	Sun Java System Web Proxy Server FTP Heap Overflow
	Sun Solaris ACL UFS File Systems Denial of Service Vulnerability
	Sun Solaris Text Editors Tag Files Local Code Execution Vulnerability
	Sun Management Center Remote Denial of Service Vulnerability
	Sun Solaris Bzip2 Archive Handling Denial of Service Vulnerability
	Sun Solaris GNU Tar Headers Handling Buffer Overflow Vulnerability
	Sun Solaris Covert Channel Local Security Bypass Vulnerability