Vulnerability Reported: a Patch for MPlayer
Multimedia software MPlayer notifies of security holes in the Real demuxer code that can result in arbitrary code execution.
The three vulnerability spots in MPlayer that Felipe Andres Manzano discovered in the code, and reported in an oCert advisory, all lead to the same possibility: an attacker can exploit a heap overflow to create a specific video file that can compromise the code. This video can have the stream_read function read or write arbitrary amounts of memory, resulting in unexpected code execution that could cause process termination. The affected MPlayer versions are 1.0 RC2 and earlier. The advisory references the required patch.
Issue 200/2017
Buy this issue as a PDF
News
-
Trojan Turns Raspberry Pi into a Cryptocurrency Mining Device
Two trojans in the wild are targeting Linux machines.
-
Fedora 26 Beta Comes with New Features
The workstation comes with the latest Gnome desktop environment and support for many application build systems.
-
Raspberry Pi Foundation Merges with CoderDojo Foundation
The two foundations join forces to expand their efforts to reach young people.
-
Samba Security Hole Patched but Risk is Bigger
Millions of devices that use Samba Server are vulnerable to attacks.
-
Red Hat Announces OpenShift.io
Red Hat takes its IDE online.
-
Microsoft Bakes Linux into Windows Server
Microsoft is slowly becoming a Linux vendor.
-
Fearless Coyote, Linux Kernel 4.11 is Out
The new kernel makes swap implementation more scalable, which will help cloud providers.
-
Docker Appoints Steve Singh CEO
The new CEO comes from a very strong SaaS background.
-
Docker Announces Linux Kit and Moby Project
Both projects help organizations build their own containerized systems.
-
Ubuntu Returns to Gnome as Its Mobile Plans Shatter
Mark Shuttleworth has resumed the position of CEO of Canonical.