[PLSN-0003] - Remote exploits in mplayer

• Previous message: Sune Kloppenborg Jeppesen: "UPDATE: [ GLSA 200410-10 ] gettext: Insecure temporary file handling"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 22 Apr 2005 09:53:18 -0400
To: bugtraq@securityfocus.com

---------------------------------------------------------------------------
Peachtree Linux Security Notice PLSN-0003
April 20, 2005

Remote buffer overflow and possible code execution in mplayer
http://www.mplayerhq.hu/homepage/design7/news.html#vuln10
http://www.mplayerhq.hu/homepage/design7/news.html#vuln11
---------------------------------------------------------------------------

The following Peachtree Linux releases are affected:

   Peachtre Linux release 1 ("Atlanta")

Description:

   http://www.mplayerhq.hu/homepage/design7/news.html#vuln10:
   A buffer overflow vulnerability exists in the RTSP stream module,
   which could allow a malicious RealMedia server to execute arbitrary
   code.

   http://www.mplayerhq.hu/homepage/design7/news.html#vuln11:
   A buffer overflow vulnerability exists in the MMST stream module,
   which could allow malicious servers of MMS or TCP streams to execute
   arbitrary code.

Packages:

   alpha
      MPlayer did not ship in rel1 for Alpha. Alpha is not affected by this
      vulnerability, and therefore no update is provided.

   i386
      4e71851034e4263a12f9000bdc3c461e mplayer-1.0pre7.i686.dist

   ppc
      901e0de5cc04cdddf94ff1cad9521776 mplayer-1.0pre7.ppc.dist

Solution:

   Download the appropriate package for your release of Peachtree Linux.
   Upgrade your system to the new package:

      distadd -u packagename

   Where package name is the name of the package file from the list above.

-- 
Peachtree Linux Security Team
http://peachtree.burdell.org/

• application/pgp-signature attachment: stored

• Previous message: Sune Kloppenborg Jeppesen: "UPDATE: [ GLSA 200410-10 ] gettext: Insecure temporary file handling"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages [NEWS] Multiple Vulnerabilities in Oracle Database Server (40 Issues) ... Multiple buffer overflow and denial of service vulnerabilities exist ... DBMS_REPCAT_INSTANTIATE package ... To reproduce the overflow, execute the next PL/SQL: ... Oracle database user can exploit this vulnerability. ... (Securiteam) SUSE Security Announcement: lftp (SuSE-SA:2003:051) ... When using lftp via HTTP or HTTPS to execute commands like 'ls' or 'rels' ... Pending vulnerabilities in SUSE Distributions and Workarounds: ... Two vulnerabilities were found in the FreeRADIUS package. ... The other bug is a remote buffer overflow in the module rlm_smb. ... (Bugtraq) [Full-Disclosure] SUSE Security Announcement: lftp (SuSE-SA:2003:051) ... When using lftp via HTTP or HTTPS to execute commands like 'ls' or 'rels' ... Pending vulnerabilities in SUSE Distributions and Workarounds: ... Two vulnerabilities were found in the FreeRADIUS package. ... The other bug is a remote buffer overflow in the module rlm_smb. ... (Full-Disclosure) [PLSN-0003] - Remote exploits in MPlayer ... Peachtree Linux Security Notice PLSN-0003 ... A buffer overflow vulnerability exists in the RTSP stream module, ... which could allow malicious servers of MMS or TCP streams to execute ... Download the appropriate package for your release of Peachtree Linux. ... (Bugtraq) [PLSN-0001] - Multiple PHP vulnerabilities ... Peachtree Linux Security Notice PLSN-0001 ... Remote code execution and remote DoS vulnerability in PHP ... Download the appropriate package for your release of Peachtree Linux. ... (Bugtraq)