Vulnerability Reported: a Patch for MPlayer
Multimedia software MPlayer notifies of security holes in the Real demuxer code that can result in arbitrary code execution.
The three vulnerability spots in MPlayer that Felipe Andres Manzano discovered in the code, and reported in an oCert advisory, all lead to the same possibility: an attacker can exploit a heap overflow to create a specific video file that can compromise the code. This video can have the stream_read function read or write arbitrary amounts of memory, resulting in unexpected code execution that could cause process termination. The affected MPlayer versions are 1.0 RC2 and earlier. The advisory references the required patch.
Issue 30: Getting Started with Linux/Special Editions
Buy this issue as a PDF
News
-
Kubernetes 1.8 Announced
The new release comes with two new features for better security.
-
Final Ubuntu Desktop 17.10 Beta Arrives
Ubuntu completes the cycle of life and goes back to letter A and Gnome.
-
Linus Torvalds Invites Attackers to Join the Kernel Community
He wants attackers to join the community instead of attacking the code.
-
Oracle Donating Java EE to the Eclipse Foundation
Oracle is recommending a new name for the Java Enterprise Edition platform.
-
Reddit Closing Doors to Open Source
The peanut gallery of the Internet is closing its open source repository.
-
Largest Open Source Summit to Date Around the Corner
LinuxCon is now Open Source Summit.
-
Gnome is Celebrating it’s 20th Birthday
More than 33 releases since the first release of Gnome.
-
SQL Server Comes to RHEL; OpenShift Comes to Azure
Microsoft and Red Hat expand their partnership.
-
LibreOffice 5.4 Released
Comes with improved support for Microsoft Office file formats.
-
Red Hat to Drop Support for Btrfs
The company is building their own storage solution called Stratis.