Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:014 (mplayer)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.63200

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:014 (mplayer)

Resumen: The remote host is missing an update to mplayer;announced via advisory MDVSA-2009:014.

Descripción: Summary:
The remote host is missing an update to mplayer
announced via advisory MDVSA-2009:014.

Vulnerability Insight:
Several vulnerabilities have been discovered in mplayer, which could
allow remote attackers to execute arbitrary code via a malformed
TwinVQ file (CVE-2008-5616), and in ffmpeg, as used by mplayer,
related to the execution of DTS generation code (CVE-2008-4866).

The updated packages have been patched to prevent this.

Affected: 2008.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-5616
BugTraq ID: 32822
http://www.securityfocus.com/bid/32822
Bugtraq: 20081214 [TKADV2008-014] MPlayer TwinVQ Processing Stack Buffer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/499214/100/0/threaded
Debian Security Information: DSA-1782 (Google Search)
http://www.debian.org/security/2009/dsa-1782
http://www.mandriva.com/security/advisories?name=MDVSA-2009:013
http://www.mandriva.com/security/advisories?name=MDVSA-2009:014
http://trapkit.de/advisories/TKADV2008-014.txt
http://secunia.com/advisories/33136
http://secunia.com/advisories/34845
Common Vulnerability Exposure (CVE) ID: CVE-2008-4866
BugTraq ID: 33308
http://www.securityfocus.com/bid/33308
http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html
http://security.gentoo.org/glsa/glsa-200903-33.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:015
http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016011.html
http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016012.html
http://www.openwall.com/lists/oss-security/2008/10/29/6
http://secunia.com/advisories/34296
http://secunia.com/advisories/34385
http://www.ubuntu.com/usn/USN-734-1
XForce ISS Database: ffmpeg-utils-multiple-bo(46322)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46322
Common Vulnerability Exposure (CVE) ID: CVE-2008-4867
http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016352.html
XForce ISS Database: ffmpeg-dca-bo(46324)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46324

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.63200
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:014 (mplayer)
Resumen:	The remote host is missing an update to mplayer;announced via advisory MDVSA-2009:014.
Descripción:	Summary: The remote host is missing an update to mplayer announced via advisory MDVSA-2009:014. Vulnerability Insight: Several vulnerabilities have been discovered in mplayer, which could allow remote attackers to execute arbitrary code via a malformed TwinVQ file (CVE-2008-5616), and in ffmpeg, as used by mplayer, related to the execution of DTS generation code (CVE-2008-4866). The updated packages have been patched to prevent this. Affected: 2008.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5616 BugTraq ID: 32822 http://www.securityfocus.com/bid/32822 Bugtraq: 20081214 [TKADV2008-014] MPlayer TwinVQ Processing Stack Buffer Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/499214/100/0/threaded Debian Security Information: DSA-1782 (Google Search) http://www.debian.org/security/2009/dsa-1782 http://www.mandriva.com/security/advisories?name=MDVSA-2009:013 http://www.mandriva.com/security/advisories?name=MDVSA-2009:014 http://trapkit.de/advisories/TKADV2008-014.txt http://secunia.com/advisories/33136 http://secunia.com/advisories/34845 Common Vulnerability Exposure (CVE) ID: CVE-2008-4866 BugTraq ID: 33308 http://www.securityfocus.com/bid/33308 http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html http://security.gentoo.org/glsa/glsa-200903-33.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:015 http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016011.html http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016012.html http://www.openwall.com/lists/oss-security/2008/10/29/6 http://secunia.com/advisories/34296 http://secunia.com/advisories/34385 http://www.ubuntu.com/usn/USN-734-1 XForce ISS Database: ffmpeg-utils-multiple-bo(46322) https://exchange.xforce.ibmcloud.com/vulnerabilities/46322 Common Vulnerability Exposure (CVE) ID: CVE-2008-4867 http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016352.html XForce ISS Database: ffmpeg-dca-bo(46324) https://exchange.xforce.ibmcloud.com/vulnerabilities/46324
Copyright	Copyright (C) 2009 E-Soft Inc.