From security@mandriva.com Wed Dec 14 20:20:47 2005 From: Mandriva Security Team To: full-disclosure@lists.grok.org.uk Date: Wed, 14 Dec 2005 17:56:05 -0700 Subject: [Full-disclosure] MDKSA-2005:230 - Updated mplayer packages fix buffer overflow vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2005:230 http://www.mandriva.com/security/ _______________________________________________________________________ Package : mplayer Date : December 14, 2005 Affected: 2006.0, Corporate 3.0 _______________________________________________________________________ Problem Description: Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. The vulnerability is caused due to a boundary error in the "avcodec_default_get_buffer()" function of "utils.c" in libavcodec. This can be exploited to cause a heap-based buffer overflow when a specially-crafted 1x1 ".png" file containing a palette is read. Mplayer is built with a private copy of ffmpeg containing this same code. The updated packages have been patched to prevent this problem. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: 0ec3fbc7140878b8852bfe4523bc976f 2006.0/RPMS/libdha1.0-1.0-1.pre7.12.1.20060mdk.i586.rpm 4d06925f029d9cb90de021361ec1eb8a 2006.0/RPMS/libpostproc0-1.0-1.pre7.12.1.20060mdk.i586.rpm 480697743af240b95de26f3ee2ee27bb 2006.0/RPMS/libpostproc0-devel-1.0-1.pre7.12.1.20060mdk.i586.rpm bd5f41b990b0f44258e22574f7995267 2006.0/RPMS/mencoder-1.0-1.pre7.12.1.20060mdk.i586.rpm 2e03b0379a736eeda906f521f51a8aae 2006.0/RPMS/mplayer-1.0-1.pre7.12.1.20060mdk.i586.rpm a0b6a9272cb389107871176acd59374d 2006.0/RPMS/mplayer-gui-1.0-1.pre7.12.1.20060mdk.i586.rpm 598d3194b03a2953478058300e9867be 2006.0/SRPMS/mplayer-1.0-1.pre7.12.1.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 5ec60b589f7b913e5da5b410d476df34 x86_64/2006.0/RPMS/lib64postproc0-1.0-1.pre7.12.1.20060mdk.x86_64.rpm f169744934c966e9d6f063bdaabe61df x86_64/2006.0/RPMS/lib64postproc0-devel-1.0-1.pre7.12.1.20060mdk.x86_64.rpm e5cd5361fbf279b75adeb038e45f30b3 x86_64/2006.0/RPMS/mencoder-1.0-1.pre7.12.1.20060mdk.x86_64.rpm d955698040d2ccc2999b847b5f2d675b x86_64/2006.0/RPMS/mplayer-1.0-1.pre7.12.1.20060mdk.x86_64.rpm 1f4bdb33c3e36ee18be2caaef670882d x86_64/2006.0/RPMS/mplayer-gui-1.0-1.pre7.12.1.20060mdk.x86_64.rpm 598d3194b03a2953478058300e9867be x86_64/2006.0/SRPMS/mplayer-1.0-1.pre7.12.1.20060mdk.src.rpm Corporate 3.0: 573a0671a726dda3e54147a1c9ba29ed corporate/3.0/RPMS/libdha0.1-1.0-0.pre3.14.5.C30mdk.i586.rpm aa92e33a95a2e1848b9204fdb7d7e802 corporate/3.0/RPMS/libpostproc0-1.0-0.pre3.14.5.C30mdk.i586.rpm 52cbda2a1568908abb2b5dfe6e5df742 corporate/3.0/RPMS/libpostproc0-devel-1.0-0.pre3.14.5.C30mdk.i586.rpm 2d4eef182721451a986db84cd02bb98f corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.5.C30mdk.i586.rpm 74c84c00d4f23cd359b2b86ecd441a35 corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.5.C30mdk.i586.rpm 168340803feefa90fd44204f1a57832e corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.5.C30mdk.i586.rpm 37026a2af62ea105e5191ba63ae7abcc corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.5.C30mdk.src.rpm Corporate 3.0/X86_64: 8fbf576d3d232fcdc273ee79d1b8a411 x86_64/corporate/3.0/RPMS/lib64postproc0-1.0-0.pre3.14.5.C30mdk.x86_64.rpm bfeeb43e38be402db9a15d09017c57fc x86_64/corporate/3.0/RPMS/lib64postproc0-devel-1.0-0.pre3.14.5.C30mdk.x86_64.rpm b261ec2a243b557b842372a8500e0102 x86_64/corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.5.C30mdk.x86_64.rpm 5ee546e66a0956b4cfcc8f7f76ac5c1b x86_64/corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.5.C30mdk.x86_64.rpm 5d079fccbb6aa538e2e462bf8195ccf1 x86_64/corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.5.C30mdk.x86_64.rpm 37026a2af62ea105e5191ba63ae7abcc x86_64/corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.5.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFDoItpmqjQ0CJFipgRAnHYAKD1C/yirdkJgmCCgzHQ3LuPbrCvCQCfdo04 B4ULYp42H7z3rnTp5a+UcVo= =fnux -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/