Package name: mplayer
Date: June 4th, 2007
Advisory ID: MDKSA-2007:112
Affected versions: CS3.0, 2007.0, 2007.1

Problem Description

Buffer overflow in the asmrp_eval function for the Real Media input
plugin allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a rulebook with a large number
of rulematches.

Updated packages have been patched to correct this issue.

Updated Packages

Corporate Server 3.0

 f1b7f04506edd2f048821aa868f312b0  corporate/3.0/i586/libdha0.1-1.0-0.pre3.14.11.C30mdk.i586.rpm
 4250be5ebe5ccae0f1233343699aa3a9  corporate/3.0/i586/libpostproc0-1.0-0.pre3.14.11.C30mdk.i586.rpm
 9c2ee76860184398988a33347d591fd2  corporate/3.0/i586/libpostproc0-devel-1.0-0.pre3.14.11.C30mdk.i586.rpm
 5d1d7efad438f4c645a9124b6c5a2ac8  corporate/3.0/i586/mencoder-1.0-0.pre3.14.11.C30mdk.i586.rpm
 fdd5ab4e3aefef7ea1f42c2bbf48d860  corporate/3.0/i586/mplayer-1.0-0.pre3.14.11.C30mdk.i586.rpm
 b493e323ce7e94c5728cc2a373c40fc5  corporate/3.0/i586/mplayer-gui-1.0-0.pre3.14.11.C30mdk.i586.rpm 
 228c3d1cfdc176ce0ca36af225a15683  corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.11.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 5703a3b6ccd14cd700762f63b9da58ca  corporate/3.0/x86_64/lib64postproc0-1.0-0.pre3.14.11.C30mdk.x86_64.rpm
 16152708c55cd45a374398cb1b0aff1a  corporate/3.0/x86_64/lib64postproc0-devel-1.0-0.pre3.14.11.C30mdk.x86_64.rpm
 2fc00f3155f4f51875b66ae27207c275  corporate/3.0/x86_64/mplayer-1.0-0.pre3.14.11.C30mdk.x86_64.rpm
 152fbb089a239522190c7ec6d1720c46  corporate/3.0/x86_64/mplayer-gui-1.0-0.pre3.14.11.C30mdk.x86_64.rpm 
 228c3d1cfdc176ce0ca36af225a15683  corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.11.C30mdk.src.rpm

Mandriva Linux 2007

 830fb73b1b7ef7bce6f6f21a44d9e89f  2007.0/i586/libdha1.0-1.0-1.pre8.13.3mdv2007.0.i586.rpm
 0235e5abe7ff905ccbe2623876946915  2007.0/i586/mencoder-1.0-1.pre8.13.3mdv2007.0.i586.rpm
 54faca2a832a87403e4ac4f02b719d9e  2007.0/i586/mplayer-1.0-1.pre8.13.3mdv2007.0.i586.rpm
 3adef91daba9c23859a411e6e7fed99d  2007.0/i586/mplayer-gui-1.0-1.pre8.13.3mdv2007.0.i586.rpm 
 77b7d6c6bcaeabeacffc1a67b11783e3  2007.0/SRPMS/mplayer-1.0-1.pre8.13.3mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 7db8e08bbc3a2a7780b9cb6172372966  2007.0/x86_64/mencoder-1.0-1.pre8.13.3mdv2007.0.x86_64.rpm
 5b94344377c17fc27cc6387c1f8d56dc  2007.0/x86_64/mplayer-1.0-1.pre8.13.3mdv2007.0.x86_64.rpm
 ec5d71b9b1ab30deb6fe717a4361c7ed  2007.0/x86_64/mplayer-gui-1.0-1.pre8.13.3mdv2007.0.x86_64.rpm 
 77b7d6c6bcaeabeacffc1a67b11783e3  2007.0/SRPMS/mplayer-1.0-1.pre8.13.3mdv2007.0.src.rpm

Mandriva Linux 2007.1

 e35f5cf2df21511dc7c1b8b5d95a4936  2007.1/i586/libdha1.0-1.0-1.rc1.11.1mdv2007.1.i586.rpm
 da4702585498a73d5697e55a5e08f834  2007.1/i586/mencoder-1.0-1.rc1.11.1mdv2007.1.i586.rpm
 22be41581519dc8d8e6e1a28472fe35d  2007.1/i586/mplayer-1.0-1.rc1.11.1mdv2007.1.i586.rpm
 76bd7950cd1790bbf3caeaa3de75202a  2007.1/i586/mplayer-doc-1.0-1.rc1.11.1mdv2007.1.i586.rpm
 48cc118f6e33ddc1db7268b7a4436c51  2007.1/i586/mplayer-gui-1.0-1.rc1.11.1mdv2007.1.i586.rpm 
 f6328948547b7dcb4c085ce1e959986f  2007.1/SRPMS/mplayer-1.0-1.rc1.11.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64

 780ef1ea825746d89c0ad855920383fe  2007.1/x86_64/mencoder-1.0-1.rc1.11.1mdv2007.1.x86_64.rpm
 1d338368b9c85ba5b537eab6d7458e26  2007.1/x86_64/mplayer-1.0-1.rc1.11.1mdv2007.1.x86_64.rpm
 274d7330781b618dcf413fda2231615f  2007.1/x86_64/mplayer-doc-1.0-1.rc1.11.1mdv2007.1.x86_64.rpm
 955284559324b44e9e6ddbf60c682d68  2007.1/x86_64/mplayer-gui-1.0-1.rc1.11.1mdv2007.1.x86_64.rpm 
 f6328948547b7dcb4c085ce1e959986f  2007.1/SRPMS/mplayer-1.0-1.rc1.11.1mdv2007.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6172

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.
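
For manual downloads, the check described above can be scripted over the whole Updated Packages list. The following is an added example, not part of the original advisory or Mandriva's tooling; the function name `verify_advisory_rpms` and the `SIGCHECK` variable are assumptions made for this sketch.

```shell
# Added example (not Mandriva's tooling): verify downloaded RPMs against the
# "<md5>  <mirror path>" lines of the Updated Packages list above.
# verify_advisory_rpms and SIGCHECK are names assumed for this sketch.
#
# MD5 only catches a corrupted or mismatched download; the GPG signature
# checked by `rpm --checksig` is what authenticates the package.

# verify_advisory_rpms LISTFILE DIR
#   LISTFILE  text copied from the advisory (headings and blanks are skipped)
#   DIR       directory holding the downloaded .rpm files
# Prints one status line per file; returns 0 only if every listed file found
# in DIR matches its MD5 and passes the signature check.
verify_advisory_rpms() {
    list=$1 dir=$2 rc=0 seen=0
    sigcheck=${SIGCHECK:-rpm --checksig}   # override only for testing
    while read -r sum path || [ -n "$sum" ]; do
        # Keep only lines that start with a 32-hex-digit checksum.
        case $sum in
            ''|*[!0-9a-f]*) continue ;;
        esac
        [ "${#sum}" -eq 32 ] || continue
        file=$dir/${path##*/}        # advisory paths are mirror-relative
        [ -f "$file" ] || continue   # not downloaded, nothing to verify
        seen=$((seen + 1))
        actual=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$actual" != "$sum" ]; then
            echo "MD5 MISMATCH  $file"; rc=1; continue
        fi
        # $sigcheck is split on purpose so "rpm --checksig" becomes two words.
        if ! $sigcheck "$file" >/dev/null 2>&1; then
            echo "SIG FAILED    $file"; rc=1; continue
        fi
        echo "OK            $file"
    done < "$list"
    # Zero files checked must not read as success.
    [ "$seen" -gt 0 ] || { echo "no listed packages found in $dir"; rc=1; }
    return "$rc"
}
```

Save the package list for your release to a file and run `verify_advisory_rpms list.txt /path/to/downloads`; the Mandriva Security Team key must already be imported for the signature step to pass.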