[MPlayer-DOCS] homepage SVN: r2279 - trunk/src

syncmail at mplayerhq.hu syncmail at mplayerhq.hu
Thu Feb 16 21:30:27 CET 2006 

Author: rtogni
Date: Thu Feb 16 21:30:27 2006
New Revision: 2279

Modified:
   trunk/src/news.src.en
Log:
Security fix


Modified: trunk/src/news.src.en
==============================================================================
--- trunk/src/news.src.en	(original)
+++ trunk/src/news.src.en	Thu Feb 16 21:30:27 2006
@@ -8,6 +8,75 @@
 <div class="newsentry">
 
 <h2>
+	<a name="vuln13">2006.02.15, Wednesday :: heap overflow in demuxer.h</a>
+	<br><span class="poster">posted by Roberto</span>
+</h2>
+
+<h3>Summary</h3>
+
+<p>
+A potential buffer overflow was found in the ASF demuxer, and further analysis
+showed that the bug was in some more generic code in demuxer.h, used to
+create and resize buffers. You can read the original bug report here
+<a href="http://bugs.gentoo.org/show_bug.cgi?id=122029">
+media-video/mplayer ASF File Parsing Integer Overflow (CAN-2006-0579)</a>
+on Gentoo Bugzilla.
+</p>
+
+<h3>Severity</h3>
+
+<p>
+High (arbitrary remote code execution under the user ID running the player)
+when streaming an ASF file from a malicious server, medium (local code
+execution under the user ID running the player) if you play a malicious ASF
+file locally.
+At the time the buffer overflow was fixed there was no known exploit.
+</p>
+
+<h3>Solution</h3>
+
+<p>
+A <a href="http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/main/libmpdemux/demuxer.h.diff?r1=1.87&r2=1.88">fix</a>
+for this problem was committed to CVS on Sun Feb 12 09:28:09 2006 UTC, and
+enhanced in versions 1.89 and 1.90.
+Users of affected MPlayer versions should download a patch for
+MPlayer 1.0pre7try2
+<a href="http://equinox.campus.ltu.se/~rtogni/demuxer_h_fix_20060212.diff">here</a>
+or update to the latest version if they're using CVS.
+</p>
+
+<p>
+Please note that we are not releasing an updated tarball with this fix at this
+moment. Since MPlayer 1.0pre7 is very old, we encourage you to upgrade to the
+CVS version.<br>
+If you need to stay with 1.0pre7, get the MPlayer 1.0pre7try2 tarball,
+apply the patch with the fix and recompile MPlayer.<br>
+If you mantain a binary package for MPlayer, please name the updated version
+MPlayer 1.0pre7try3.
+</p>
+
+<h3>Affected versions</h3>
+
+<p>
+MPlayer 1.0pre7, MPlayer 1.0pre7try2 and CVS before Sun Feb 12 09:28:09 2006 UTC.
+Older versions are probably affected, too, but they were not checked.
+</p>
+
+
+<h3>Unaffected versions</h3>
+
+<p>
+CVS HEAD after Sun Feb 12 09:28:09 2006 UTC<br>
+MPlayer 1.0pre7try2 + security patch
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
 	<a name="HUPAward2005">2005.12.23, Friday :: HUP Readers' Choice Award 2005</a>
 	<br><span class="poster">posted by Diego</span>
 </h2>

More information about the MPlayer-DOCS mailing list