Gentoo Security Advisory GLSA 200403-13 (mplayer) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200403-13.

Solution

MPlayer may be upgraded as follows: x86 and SPARC users should: # emerge sync # emerge -pv '>=media-video/mplayer-0.92-r1' # emerge '>=media-video/mplayer-0.92-r1' AMD64 users should: # emerge sync # emerge -pv '>=media-video/mplayer-1.0_pre2-r1' # emerge '>=media-video/mplayer-1.0_pre2-r1' PPC users should: # emerge sync # emerge -pv '>=media-video/mplayer-1.0_pre3-r2' # emerge '>=media-video/mplayer-1.0_pre3-r2' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200403-13 http://bugs.gentoo.org/show_bug.cgi?id=46246 http://www.mplayerhq.hu/homepage/design6/news.html

Insight

MPlayer contains a remotely exploitable buffer overflow in the HTTP parser that may allow attackers to run arbitrary code on a user's computer.

Severity

Classification

CVE CVE-2004-0386
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Gentoo Security Advisory GLSA 200409-11 (star)
Gentoo Security Advisory GLSA 200403-09 (mc)
Gentoo Security Advisory GLSA 200405-14 (subversion)
Gentoo Security Advisory GLSA 200403-02 (Kernel)
Gentoo Security Advisory GLSA 200408-20 (Qt)

Take action and discover your vulnerabilities