Vulnerability Reported: a Patch for MPlayer
Multimedia software MPlayer notifies of security holes in the Real demuxer code that can result in arbitrary code execution.
The three vulnerability spots in MPlayer that Felipe Andres Manzano discovered in the code, and reported in an oCert advisory, all lead to the same possibility: an attacker can exploit a heap overflow to create a specific video file that can compromise the code. This video can have the stream_read function read or write arbitrary amounts of memory, resulting in unexpected code execution that could cause process termination. The affected MPlayer versions are 1.0 RC2 and earlier. The advisory references the required patch.
Issue 191/2016
Buy this issue as a PDF
News
-
Nextcloud Announces Raspberry Pi-Powered Home Cloud Box
Innovative system adds a hard drive and Ubuntu Core to the RPi for an IoT hub.
-
Linus Torvalds Confirms the Date of the First Linux Release
Linux is two weeks younger than we thought!
-
End of OpenOffice?
The Apache Software Foundation considers retiring OpenOffice
-
Adobe Gives New Life to NPAPI Plugin for Linux
Adobe won’t kill the plugin in 2017
-
LinuxCon North America Convenes in Toronto, Canada
Linux Foundation's big event celebrates the 25th anniversary of Linux
-
Linux Turns 25
Linux has evolved from “won’t be a professional” project to one of the most professional software projects in the history of computers.
-
Mirantis Joins Hands with SUSE To Offer RHEL Support; Red Hat Not Happy
Competitors get in the game with RHEL without Red Hat
-
Linux on Windows 10 Poses a Security Risk
Security researchers have already notified Microsoft; some fixes are available
-
Mirantis to Refactor OpenStack Fuel for Kubernetes
The company is collaborating with Google and Intel to use Kubernetes as an engine for Fuel
-
Canonical Joins Document Foundation Advisory Board
The upcoming release of LibreOffice will be available as a snap package