Mandrake Security Advisory MDVSA-2009:013 (mplayer)

The remote host is missing an update to mplayer announced via advisory MDVSA-2009:013.
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
Several vulnerabilities have been discovered in mplayer, which could allow remote attackers to execute arbitrary code via a malformed TwinVQ file (CVE-2008-5616), and in ffmpeg, as used by mplayer, related to the execution of DTS generation code (CVE-2008-4866) and incorrect handling of DCA_MAX_FRAME_SIZE value (CVE-2008-4867). The updated packages have been patched to prevent this. Affected: 2008.1, 2009.0