|
|
| Problem Description |
Several vulnerabilities have been discovered in mplayer, which could
allow remote attackers to execute arbitrary code via a malformed
TwinVQ file (CVE-2008-5616), and in ffmpeg, as used by mplayer,
related to the execution of DTS generation code (CVE-2008-4866).
The updated packages have been patched to prevent this.
| Updated Packages |
Mandriva Linux 2008.0
d9309066e352a5846e6976601c86a454 2008.0/i586/libdha1.0-1.0-1.rc1.20.6mdv2008.0.i586.rpm def4c10128e7d33721839f3f2247ad06 2008.0/i586/mencoder-1.0-1.rc1.20.6mdv2008.0.i586.rpm 54294bf5e706a95463e2e8f0c8f38076 2008.0/i586/mplayer-1.0-1.rc1.20.6mdv2008.0.i586.rpm 6d59c67a08541dc67dc0c4c85a0d4e4b 2008.0/i586/mplayer-doc-1.0-1.rc1.20.6mdv2008.0.i586.rpm f128add5d06c1dfc3778759035039341 2008.0/i586/mplayer-gui-1.0-1.rc1.20.6mdv2008.0.i586.rpm 2b5ad581348b60487e389584a46c0404 2008.0/SRPMS/mplayer-1.0-1.rc1.20.6mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64
5422f0b1080b6f8b2eb7b96a1881790b 2008.0/x86_64/mencoder-1.0-1.rc1.20.6mdv2008.0.x86_64.rpm 4e4e2b51037f0c3329925040ef5cbdbb 2008.0/x86_64/mplayer-1.0-1.rc1.20.6mdv2008.0.x86_64.rpm ea7eb1f7ef63f0c043b9bbdf587fe394 2008.0/x86_64/mplayer-doc-1.0-1.rc1.20.6mdv2008.0.x86_64.rpm 60b6e1e65f89fba2d1bdc0913a53a727 2008.0/x86_64/mplayer-gui-1.0-1.rc1.20.6mdv2008.0.x86_64.rpm 2b5ad581348b60487e389584a46c0404 2008.0/SRPMS/mplayer-1.0-1.rc1.20.6mdv2008.0.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4867
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.