Debians sikkerhedsbulletin
DSA-2044-1 mplayer -- heltalsoverløb
- Rapporteret den:
- 11. maj 2010
- Berørte pakker:
- mplayer
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- Der er pt. ingen tilgængelige eksterne sikkerhedsreferencer i andre databaser.
- Yderligere oplysninger:
-
tixxDZ (DZCORE labs) opdagede en sårbarhed i multimedieafspilleren og -streameren mplayer. Manglende validering af data i mplayers implementering af Real Data Transport (RDT), muliggjorde et heltalsunderløb og som følge deraf, en handling på en grænseløs bruffer. En ondsindet fremstillet stream kunne dermed gøre det muligt for en angriber, at udføre vilkårlig kode.
Der er ingen registrering hos projektet Common Vulnerabilities and Exposures vedrørende dette problem.
I den stabile distribution (lenny), er dette problem rettet i version 1.0~rc2-17+lenny3.2.
Vi anbefaler at du opgraderer dine mplayer-pakker.
- Rettet i:
-
Debian GNU/Linux 5.0 (lenny)
- Kildekode:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2.dsc
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2.diff.gz
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2.orig.tar.gz
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2.diff.gz
- Arkitekturuafhængig komponent:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-doc_1.0~rc2-17+lenny3.2_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_alpha.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_alpha.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_amd64.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_amd64.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_arm.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_arm.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_arm.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_hppa.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_hppa.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_i386.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_i386.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_ia64.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_ia64.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_mips.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_mips.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_s390.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_s390.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_sparc.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_sparc.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.