Ubuntu
mplayer package

[mplayer] [DSA-1496-1] several buffer overflows

Bug #191488 reported by disabled.user on 2008-02-13

282

	Status	Importance	Assigned to
mplayer (Ubuntu)	Fix Released	High	William Grant
Dapper	Fix Released	High	William Grant
Edgy	Fix Released	High	William Grant
Feisty	Fix Released	High	William Grant
Gutsy	Fix Released	High	William Grant
Hardy	Fix Released	High	William Grant

Bug Description

Binary package hint: mplayer

References:
DSA-1496-1 (http://www.debian.org/security/2008/dsa-1496)

Quoting:
"Several buffer overflows have been discovered in the MPlayer movie player,
which might lead to the execution of arbitrary code. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-0485

Felipe Manzano and Anibal Sacco discovered a buffer overflow in
the demuxer for MOV files.

CVE-2008-0486

Reimar Doeffinger discovered a buffer overflow in the FLAC header
parsing.

CVE-2008-0629

Adam Bozanich discovered a buffer overflow in the CDDB access code.

CVE-2008-0630

Adam Bozanich discovered a buffer overflow in URL parsing."

Related branches

lp:ubuntu/karmic/mplayer

lp:ubuntu/edgy-security/mplayer

lp:ubuntu/feisty-security/mplayer

lp:ubuntu/dapper-security/mplayer

lp:ubuntu/gutsy-updates/mplayer

CVE References

Revision history for this message

Emanuele Gentili (emgent) wrote on 2008-02-13:

demux_mov_fix_20080129.diff Edit (1.2 KiB, text/plain)

CVE-2008-0485
http://www.mplayerhq.hu/MPlayer/patches/

Emanuele Gentili (emgent) on 2008-02-13

Changed in mplayer:
status:	New → Confirmed

Revision history for this message

Emanuele Gentili (emgent) wrote on 2008-02-14:

url_fix_20080120.diff Edit (204 bytes, text/plain)

CVE 2008-0630
http://www.mplayerhq.hu/MPlayer/patches/

Revision history for this message

Emanuele Gentili (emgent) wrote on 2008-02-14:

stream_cddb_fix_20080120.diff Edit (943 bytes, text/plain)

CVE 2008-0629
http://www.mplayerhq.hu/MPlayer/patches/

Revision history for this message

Emanuele Gentili (emgent) wrote on 2008-02-14:

demux_audio_fix_20080129.diff Edit (332 bytes, text/plain)

CVE 2008-0486
http://www.mplayerhq.hu/MPlayer/patches/

Emanuele Gentili (emgent) on 2008-02-15

Changed in mplayer:
importance:	Undecided → High

Revision history for this message

disabled.user (disabled.user-deactivatedaccount) wrote on 2008-02-15:

MDVSA-2008:045 (http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:045) also lists the following xine-lib issues, which "also affects
MPlayer due to code similarity.":

CVE-2008-0225
CVE-2008-0238

Revision history for this message

spuk (gustavodn) wrote on 2008-02-15:

FYI (re CVE-2008-0225 & CVE-2008-0238): svn log -vr 22821 svn://svn.mplayerhq.hu/mplayer/trunk/

Revision history for this message

William Grant (wgrant) wrote on 2008-03-08:

spuk: Are you suggesting that's a fix for those two issues?

William Grant (wgrant) on 2008-03-08

Changed in mplayer:
assignee:	nobody → fujitsu
importance:	Undecided → High
status:	New → In Progress
assignee:	nobody → fujitsu
importance:	Undecided → High
status:	New → In Progress
assignee:	nobody → fujitsu
status:	Confirmed → In Progress

Revision history for this message

spuk (gustavodn) wrote on 2008-03-08:

Yes.

Revision history for this message

William Grant (wgrant) wrote on 2008-03-08:

feisty debdiff Edit (11.6 KiB, text/plain)

Revision history for this message

William Grant (wgrant) wrote on 2008-03-08:

#10

gutsy debdiff Edit (11.6 KiB, text/plain)

Revision history for this message

William Grant (wgrant) wrote on 2008-03-08:

#11

The patches took a few crowbarrings to fit into Feisty and Gutsy, but they work fine now. Hardy's FTBFS for some unrelated reason. I'm checking the applicability to Dapper and Edgy now.

Revision history for this message

William Grant (wgrant) wrote on 2008-03-09:

#12

dapper debdiff Edit (13.7 KiB, text/plain)

CVE-2008-0486 doesn't affect dapper, but all of the others do.

Changed in mplayer:
assignee:	nobody → fujitsu
importance:	Undecided → High
status:	New → In Progress
assignee:	nobody → fujitsu
importance:	Undecided → High
status:	New → In Progress

Revision history for this message

William Grant (wgrant) wrote on 2008-03-09:

#13

edgy debdiff Edit (10.6 KiB, text/plain)

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2008-03-21:

#14

Thanks for the debdiffs. Gutsy's mplayer uses dpatch for patch management. Can you update the gutsy debdiff to use dpatch?

Revision history for this message

William Grant (wgrant) wrote on 2008-03-21:

#15

It doesn't really use dpatch for it; it uses bzr. Somebody unrelated to the package decided to add dpatch very late in the cycle, without telling anyone, and without bzr, and we're trying to ignore that mistake. bzr + dpatch == silly.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2008-03-24:

#16

This bug was fixed in the package mplayer - 2:1.0~rc2-0ubuntu9

---------------
mplayer (2:1.0~rc2-0ubuntu9) hardy; urgency=low

[ Luke Yelavich ]
* etc/example.conf: Use pulseaudio by default, and fallback to alsa.

  [ William Grant ]
  * SECURITY UPDATE: buffer overruns in CDDB, MOV demuxer, FLAC header parser,
    and URL parser. (LP: #191488)
  * libmpdemux/demux_audio.c, libmpdemux/demux_mov.c, stream/stream_cddb.c,
    stream/url.c: Patches from upstream.
  * References:
    - CVE-2008-0485
    - CVE-2008-0486
    - CVE-2008-0629
    - CVE-2008-0630
  * debian/rules: Unset CFLAGS, to make it build again.

-- William Grant <email address hidden> Mon, 24 Mar 2008 13:55:38 +1100

Changed in mplayer:
status:	In Progress → Fix Released

Jamie Strandboge (jdstrand) on 2008-03-24

Changed in mplayer:
status:	In Progress → Fix Committed
status:	In Progress → Fix Committed
status:	In Progress → Fix Committed
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2008-03-24:

#17

This bug was fixed in the package mplayer - 2:1.0~rc1-0ubuntu13.2

---------------
mplayer (2:1.0~rc1-0ubuntu13.2) gutsy-security; urgency=low

  * SECURITY UPDATE: buffer overruns in RMMF, CDDB, MOV demuxer, FLAC header
    parser, and URL parser. (LP: #191488)
  * stream/librtsp/rtsp_session.c, stream/realrtsp/rmff.c,
    stream/realrtsp/rmff.h, libmpdemux/demux_audio.c, libmpdemux/demux_mov.c,
    stream/stream_cddb.c, stream/url.c: Patches from upstream.
  * References:
    - CVE-2008-0225
    - CVE-2008-0238
    - CVE-2008-0485
    - CVE-2008-0486
    - CVE-2008-0629
    - CVE-2008-0630

-- William Grant <email address hidden> Sat, 08 Mar 2008 21:14:04 +1100

Revision history for this message

Launchpad Janitor (janitor) wrote on 2008-03-24:

#18

This bug was fixed in the package mplayer - 2:1.0~rc1-0ubuntu9.3

---------------
mplayer (2:1.0~rc1-0ubuntu9.3) feisty-security; urgency=low

-- William Grant <email address hidden> Sat, 08 Mar 2008 21:42:49 +1100

Changed in mplayer:
status:	Fix Committed → Fix Released
status:	Fix Committed → Fix Released

Jamie Strandboge (jdstrand) on 2008-03-24

Changed in mplayer:
status:	Fix Committed → Fix Released
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicates of this bug

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntumplayer package

[mplayer] [DSA-1496-1] several buffer overflows

Bug Description

Related branches

CVE References

Duplicates of this bug

Other bug subscribers

Patches

Remote bug watches

Ubuntu
mplayer package