MDVSA-2009:014

Package name

mplayer

Date

2009-01-15

Advisory ID

MDVSA-2009:014

Affected versions

2008.0 i586 , 2008.0 x86_64

Problem description

Several vulnerabilities have been discovered in mplayer, which could
allow remote attackers to execute arbitrary code via a malformed
TwinVQ file (CVE-2008-5616), and in ffmpeg, as used by mplayer,
related to the execution of DTS generation code (CVE-2008-4866).

The updated packages have been patched to prevent this.

Updated packages

2008.0 i586

 d9309066e352a5846e6976601c86a454  2008.0/i586/libdha1.0-1.0-1.rc1.20.6mdv2008.0.i586.rpm
 def4c10128e7d33721839f3f2247ad06  2008.0/i586/mencoder-1.0-1.rc1.20.6mdv2008.0.i586.rpm
 54294bf5e706a95463e2e8f0c8f38076  2008.0/i586/mplayer-1.0-1.rc1.20.6mdv2008.0.i586.rpm
 6d59c67a08541dc67dc0c4c85a0d4e4b  2008.0/i586/mplayer-doc-1.0-1.rc1.20.6mdv2008.0.i586.rpm
 f128add5d06c1dfc3778759035039341  2008.0/i586/mplayer-gui-1.0-1.rc1.20.6mdv2008.0.i586.rpm 
 2b5ad581348b60487e389584a46c0404  2008.0/SRPMS/mplayer-1.0-1.rc1.20.6mdv2008.0.src.rpm

2008.0 x86_64

 5422f0b1080b6f8b2eb7b96a1881790b  2008.0/x86_64/mencoder-1.0-1.rc1.20.6mdv2008.0.x86_64.rpm
 4e4e2b51037f0c3329925040ef5cbdbb  2008.0/x86_64/mplayer-1.0-1.rc1.20.6mdv2008.0.x86_64.rpm
 ea7eb1f7ef63f0c043b9bbdf587fe394  2008.0/x86_64/mplayer-doc-1.0-1.rc1.20.6mdv2008.0.x86_64.rpm
 60b6e1e65f89fba2d1bdc0913a53a727  2008.0/x86_64/mplayer-gui-1.0-1.rc1.20.6mdv2008.0.x86_64.rpm 
 2b5ad581348b60487e389584a46c0404  2008.0/SRPMS/mplayer-1.0-1.rc1.20.6mdv2008.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5616
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4867