[MPlayer-DOCS] [homepage]: r2768 - trunk/src/news.src.en
subversion at mplayerhq.hu
Sun Dec 31 14:44:01 CET 2006
Date: Sun Dec 31 14:44:01 2006
New Revision: 2768
Advisory for buffer overflow in asmrp.c
--- trunk/src/news.src.en (original)
+++ trunk/src/news.src.en Sun Dec 31 14:44:01 2006
@@ -8,6 +8,79 @@
+ <a name="vuln14">2006.12.31, Sunday :: buffer overflow in asmrp.c</a>
+ <br><span class="poster">posted by Roberto</span>
+The code mentioned in
+<a href="http://www.debian.org/security/2006/dsa-1244">DSA 1244-1</a>
+is also included in MPlayer.
+A potential buffer overflow was found in the code used to handle RealMedia RTSP
+streams. When checking for matching asm rules, the code stores the results in
+a fixed-size array, but no boundary checks are performed. This may lead to a
+buffer overflow if the user is tricked into connecting to a malicious server.
+Since the attacker can not write arbitrary data into the buffer, creating an
+exploit is very hard; but a DoS attack is easily made.
+High (DoS and eventually arbitrary remote code execution under the user ID
+running the player) when setting up a RTSP session from a malicious server,
+null if you do not use this feature.
+At the time the buffer overflow was fixed there was no known exploit.
+A fix for this problem was committed to SVN on Sun Dec 31 13:27:53 2006 UTC
+as r21799. The fix involves three files:
+<a href="http://svn.mplayerhq.hu/mplayer/trunk/stream/realrtsp/asmrp.h?r1=19277&r2=21799">stream/realrtsp/asmrp.h</a> and
+Users of affected MPlayer versions should download a
+for MPlayer 1.0rc1 or update to the latest version if they're using SVN.
+Please note that we are not releasing an updated tarball with this fix at this
+moment, since MPlayer 1.0rc2 is alredy in process.<br>
+If you need to stay with 1.0rc1, get the MPlayer 1.0rc1 tarball,
+apply the patch with the fix and recompile MPlayer; else upgrade to SVN.<br>
+If you mantain a binary package for MPlayer, please name the updated version
+MPlayer 1.0rc1 and SVN before r21799 (Sun Dec 31 13:27:53 2006 UTC).
+Older versions are probably affected, too, but they were not checked.
+SVN HEAD after r21799 (Sun Dec 31 13:27:53 2006 UTC)<br>
+MPlayer 1.0rc1 + security patch
+<h4>Happy new year from MPlayer team.</h4>
<a name="mplayer10rc1">2006.10.22, Sunday :: MPlayer 1.0rc1 released</a>
<br><span class="poster">posted by the release team</span>
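Review bot: two spelling errors in the added advisory text should be fixed before this goes on the homepage: "alredy" in "since MPlayer 1.0rc2 is alredy in process" should be "already", and "mantain" in "If you mantain a binary package" should be "maintain". In the severity paragraph, "null if you do not use this feature" would read more clearly as "none if you do not use this feature", and "a RTSP session" should be "an RTSP session". The description says creating an exploit is "very hard" while the severity paragraph rates the issue High with eventual arbitrary remote code execution; a short clause saying that the High rating reflects the easily made DoS would keep the two paragraphs consistent for readers deciding how urgently to patch.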