Vulnerability Reported: a Patch for MPlayer
Multimedia software MPlayer notifies of security holes in the Real demuxer code that can result in arbitrary code execution.
The three vulnerability spots in MPlayer that Felipe Andres Manzano discovered in the code, and reported in an oCert advisory, all lead to the same possibility: an attacker can exploit a heap overflow to create a specific video file that can compromise the code. This video can have the stream_read function read or write arbitrary amounts of memory, resulting in unexpected code execution that could cause process termination. The affected MPlayer versions are 1.0 RC2 and earlier. The advisory references the required patch.
Issue 172/2015
Buy this issue as a PDF
News
-
Cisco Releases Annual Security Report
Spammers go low-volume, and 90% of IE browsers are unpatched.
-
Zero Day Exploits Target Flash
Adobe scrambles to release patches for vulnerable Flash Player.
-
Intel Unveils Compute Stick
Four-inch-long computer on a stick lets you boot a full Linux system from any HDMI display device.
-
Obama Proposes Personal Data Notification Law
New statute would require companies to report break-ins to consumers.
-
TGXf Project Warns of File Transfer through Screen Pixels
Weird data transfer technique avoids all standard security measures.
-
Industry Giants Announce a Fix for the Password Mess
FIDO alliance declares the beginning of the end for old-style login authentication.
-
Poll: Vote for the Best Open Source Software for Photographers
The Linux New Media Awards have honored the most significant products, projects, people, and organizations for open source/Linux every year since 2000.
-
Debian Gets Forked
Legendary Uber-distro splits over the systemd controversy.
-
Linux Mint Project Releases Mint 17.1
New LTS version offers many refinements for the Cinnamon and Mate desktops and significant improvement under the hood.
-
CeBIT Open Source Forum Call for Papers
One of CeBIT’s most successful forums returns in 2015.