Package name
mpg123
Date
2007-02-02
Advisory ID
MDKSA-2007:032
Affected versions
2006.0 i586 , 2007.0 x86_64 , 2007.0 i586 , CS3.0 x86_64 , CS3.0 i586 , 2006.0 x86_64

Problem description

The http_open function in httpget.c in mpg123 before 0.64 allows remote
attackers to cause a denial of service (infinite loop) by closing the
HTTP connection early.

Packages have been patched to correct this issue.

Updated packages

2006.0 i586

 babe8d78bc25c2dd132fa920880ba753  2006.0/i586/mpg123-0.59r-23.2.20060mdk.i586.rpm 
 ba97940bced19952befcacd2f3543adf  2006.0/SRPMS/mpg123-0.59r-23.2.20060mdk.src.rpm

2007.0 x86_64

 a84d45f47bcb660148c1a8294b4aec65  2007.0/x86_64/mpg123-0.60-2.1mdv2007.0.x86_64.rpm 
 6e6643dbbb5f0f837af32ca764568189  2007.0/SRPMS/mpg123-0.60-2.1mdv2007.0.src.rpm

2007.0 i586

 63d1e8b57d1883657612bc4655ef9479  2007.0/i586/mpg123-0.60-2.1mdv2007.0.i586.rpm 
 6e6643dbbb5f0f837af32ca764568189  2007.0/SRPMS/mpg123-0.60-2.1mdv2007.0.src.rpm

CS3.0 x86_64

 893735fab9e27cd51cac70f64f4aa831  corporate/3.0/x86_64/mpg123-0.59r-22.4.C30mdk.x86_64.rpm 
 396f3b1659f5ea06471b8c8f4a077043  corporate/3.0/SRPMS/mpg123-0.59r-22.4.C30mdk.src.rpm

CS3.0 i586

 b4f1ca196054a9d7e40359bd15bcf708  corporate/3.0/i586/mpg123-0.59r-22.4.C30mdk.i586.rpm 
 396f3b1659f5ea06471b8c8f4a077043  corporate/3.0/SRPMS/mpg123-0.59r-22.4.C30mdk.src.rpm

2006.0 x86_64

 df5b4948cc199f99cb922c501529ea6d  2006.0/x86_64/mpg123-0.59r-23.2.20060mdk.x86_64.rpm 
 ba97940bced19952befcacd2f3543adf  2006.0/SRPMS/mpg123-0.59r-23.2.20060mdk.src.rpm

References