Support / Security / Advisories / Corporate Server 2.1 / MDKSA-2005:009

Package name: mpg123
Date: 2005-01-19
Advisory ID: MDKSA-2005:009
Affected versions: CS2.1 x86_64 , 10.0 amd64 , 10.1 i586 , 10.0 i586 , CS3.0 i586 , CS2.1 i586 , 10.1 x86_64

Problem description

A vulnerability in mpg123's ability to parse frame headers in input streams could allow a malicious file to exploit a buffer overflow and execute arbitray code with the permissions of the user running mpg123. The updated packages have been patched to prevent these problems.

Updated packages

CS2.1 x86_64

 deb362353f3912ed0154847947c45543  x86_64/corporate/2.1/RPMS/mpg123-0.59r-21.3.C21mdk.x86_64.rpm
437ddd9bda9615417690f737e9722990  x86_64/corporate/2.1/SRPMS/mpg123-0.59r-21.3.C21mdk.src.rpm

10.0 amd64

 4ee7ef6a8d53837780ed7f2b03839673  amd64/10.0/RPMS/mpg123-0.59r-22.2.100mdk.amd64.rpm
a23d6bfb05fa6ac27067bc31428092eb  amd64/10.0/SRPMS/mpg123-0.59r-22.2.100mdk.src.rpm

10.1 i586

 3f9c35756148f51b279631123545b75b  10.1/RPMS/mpg123-0.59r-22.2.101mdk.i586.rpm
4cf62de0ff365cd0e74c417f84b7730e  10.1/SRPMS/mpg123-0.59r-22.2.101mdk.src.rpm

10.0 i586

 c6853d42d98e62393a7f819a2ffe3356  10.0/RPMS/mpg123-0.59r-22.2.100mdk.i586.rpm
a23d6bfb05fa6ac27067bc31428092eb  10.0/SRPMS/mpg123-0.59r-22.2.100mdk.src.rpm

CS3.0 i586

 2d5fd7533161e466ba3f3b1307be77d1  corporate/3.0/RPMS/mpg123-0.59r-22.2.C30mdk.i586.rpm
7aab2dce78c90489c8da66e715b61bf5  corporate/3.0/SRPMS/mpg123-0.59r-22.2.C30mdk.src.rpm

CS2.1 i586

 b68e025bfc40ff120c63d77bed97270b  corporate/2.1/RPMS/mpg123-0.59r-21.3.C21mdk.i586.rpm
437ddd9bda9615417690f737e9722990  corporate/2.1/SRPMS/mpg123-0.59r-21.3.C21mdk.src.rpm

10.1 x86_64

 ee70a13d4ccfcf5f8fbd9ed778186647  x86_64/10.1/RPMS/mpg123-0.59r-22.2.101mdk.x86_64.rpm
4cf62de0ff365cd0e74c417f84b7730e  x86_64/10.1/SRPMS/mpg123-0.59r-22.2.101mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0991