Mandriva Update For Mplayer MDVSA-2008:196 (mplayer) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. The updated packages have been patched to fix this issue.

Affected

mplayer on Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64

Severity

Classification

CVE CVE-2008-1558
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:111 (firefox)
Mandrake Security Advisory MDVSA-2009:057 (valgrind)
Mandrake Security Advisory MDVSA-2009:132 (libsndfile)
Mandrake Security Advisory MDVSA-2009:159 (mysql)
Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk)

Mandriva Update for mplayer MDVSA-2008:196 (mplayer)

Take action and discover your vulnerabilities