Print this page. Recommend
Slashdot it! Delicious Share on Facebook Tweet! Digg

Vulnerability Reported: a Patch for MPlayer

Oct 02, 2008

Multimedia software MPlayer notifies of security holes in the Real demuxer code that can result in arbitrary code execution.

The three vulnerability spots in MPlayer that Felipe Andres Manzano discovered in the code, and reported in an oCert advisory, all lead to the same possibility: an attacker can exploit a heap overflow to create a specific video file that can compromise the code. This video can have the stream_read function read or write arbitrary amounts of memory, resulting in unexpected code execution that could cause process termination. The affected MPlayer versions are 1.0 RC2 and earlier. The advisory references the required patch.

(Ulrich Bantle)

Comments


Print this page. Recommend
Slashdot it! Delicious Share on Facebook Tweet! Digg
Related Articles
Lynis Shell Skript Checks Unix Security
Asus Kickoff: Eee Keyboard with PC
TV Mythos Renewed: MythTV 0.22 with Many Improvements
First Maintenance Update for Firefox 3
Industry Consortium Rivalry over Crypto Standards
Chuck Norris Botnet Affects Linux Routers
No More Downloads!

Save the download and take Linux Magazine DVDs instead.

Each DVD contains a full distro like Ubuntu, SUSE, Mandriva, Fedora, or Debian and comes with the corresponding issue of Linux Magazine.

Don't waste timedownloading Linux!

more...

 

In the US and Canada, Linux Magazine is known as Linux Pro Magazine.
Entire contents © 2010 [Linux New Media USA, LLC]
Linux New Media web sites:
North America: [Linux Pro Magazine]
UK/Worldwide: [Linux Magazine]
Germany: [Linux-Magazin] [LinuxUser] [EasyLinux] [Linux-Community] [Linux Technical Review]
Eastern Europe: [Linux Magazine Poland] [Linux Community Poland]
International: [Linux Magazine Brazil] [EasyLinux Brazil] [Linux Magazine Spanish]
Corporate: [Linux New Media AG]