Ubuntu
mplayer package

  1. Gutsy (7.10)
  2. Bug #279030
  3. Comment #11

Comment 11 for bug 279030

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mplayer - 2:1.0~rc1-0ubuntu13.3

---------------
mplayer (2:1.0~rc1-0ubuntu13.3) gutsy-security; urgency=low

  * SECURITY UPDATE: Multiple integer underflows in MPlayer 1.0_rc2 and
    earlier allow remote attackers to cause a denial of service
    (process termination) and possibly execute arbitrary code via a
    crafted video file that causes the stream_read function to read or
    write arbitrary memory (LP: #279030)
    - libmpdemux/demux_real.c: Address various integer underflows. Patch
      from oCert.org.
    - http://www.ocert.org/advisories/ocert-2008-013.html
    - CVE-2008-3827
  * SECURITY UPDATE: Uncontrolled array index in the sdpplin_parse function in
    stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to
    overwrite memory and execute arbitrary code via a large streamid SDP
    parameter. (LP: #212601).
    - Cherrypicked rev 80 from lp:~ubuntu-dev/mplayer/ubuntu (William Grant)
      stream/realrtsp/sdpplin.c: Properly check the stream ID. Patch from
      upstream.
    - CVE-2008-1558

 -- Stefan Lesicnik <email address hidden> Fri, 10 Oct 2008 20:55:42 +0200