Detections
Analytics

Mandrake Linux Security Advisory : mplayer (MDKSA-2004:157)

critical Nessus Plugin ID 16038

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A number of vulnerabilities were discovered in the MPlayer program by iDEFENSE, Ariel Berkman, and the MPlayer development team. These vulnerabilities include potential heap overflows in Real RTSP and pnm streaming code, stack overflows in MMST streaming code, and multiple buffer overflows in the BMP demuxer and mp3lib code.

The updated packages have been patched to prevent these problems.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?4c7dac8f

http://www.nessus.org/u?12ef3169

http://www.nessus.org/u?cdbcba84

Plugin Details

Severity: Critical

ID: 16038

File Name: mandrake_MDKSA-2004-157.nasl

Version: 1.18

Type: local

Published: 12/23/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64postproc0, p-cpe:/a:mandriva:linux:lib64postproc0-devel, p-cpe:/a:mandriva:linux:libdha0.1, p-cpe:/a:mandriva:linux:libdha1.0, p-cpe:/a:mandriva:linux:libpostproc0, p-cpe:/a:mandriva:linux:libpostproc0-devel, p-cpe:/a:mandriva:linux:mencoder, p-cpe:/a:mandriva:linux:mplayer, p-cpe:/a:mandriva:linux:mplayer-gui, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:10.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 12/22/2004

Reference Information

CVE: CVE-2000-0174, CVE-2004-1285, CVE-2004-1309, CVE-2004-1310, CVE-2004-1311

MDKSA: 2004:157