Mandrake Security Advisory MDVSA-2009:014 (mplayer) Network Vulnerability

Summary

The remote host is missing an update to mplayer announced via advisory MDVSA-2009:014.

Solution

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:014

Insight

Several vulnerabilities have been discovered in mplayer, which could allow remote attackers to execute arbitrary code via a malformed TwinVQ file (CVE-2008-5616), and in ffmpeg, as used by mplayer, related to the execution of DTS generation code (CVE-2008-4866). The updated packages have been patched to prevent this. Affected: 2008.0

Severity

Classification

CVE CVE-2008-4866, CVE-2008-4867, CVE-2008-5616
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:081 (libsoup)
Mandrake Security Advisory MDVSA-2009:023 (php)
Mandrake Security Advisory MDVSA-2009:131-1 (apr-util)
Mandrake Security Advisory MDVSA-2009:049 (pycrypto)
Mandrake Security Advisory MDVSA-2009:143 (netpbm)

Take action and discover your vulnerabilities