Test ID:	1.3.6.1.4.1.25623.1.0.62917
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2008:219 (mplayer)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to mplayer announced via advisory MDVSA-2008:219. A vulnerability that was discovered in xine-lib that allowed remote RTSP servers to execute arbitrary code via a large streamid SDP parameter also affects MPlayer (CVE-2008-0073). Several integer overflows were discovered by Felipe Andres Manzano in MPlayer's Real video stream demuxing code. These vulnerabilities could allow an attacker to cause a crash or possibly execute arbitrary code by supplying a malicious crafted video file (CVE-2008-3827). The updated packages have been patched to fix these issues. Note that CVE-2008-3827 was already corrected in the Mandriva Linux 2009 packages. Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:219 http://www.ocert.org/advisories/ocert-2008-013.html Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0073 BugTraq ID: 28312 http://www.securityfocus.com/bid/28312 Debian Security Information: DSA-1536 (Google Search) http://www.debian.org/security/2008/dsa-1536 Debian Security Information: DSA-1543 (Google Search) http://www.debian.org/security/2008/dsa-1543 https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html http://security.gentoo.org/glsa/glsa-200804-25.xml http://security.gentoo.org/glsa/glsa-200808-01.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:178 http://www.mandriva.com/security/advisories?name=MDVSA-2008:219 http://secunia.com/secunia_research/2008-10/ http://www.securitytracker.com/id?1019682 http://secunia.com/advisories/28694 http://secunia.com/advisories/29392 http://secunia.com/advisories/29472 http://secunia.com/advisories/29503 http://secunia.com/advisories/29578 http://secunia.com/advisories/29601 http://secunia.com/advisories/29740 http://secunia.com/advisories/29766 http://secunia.com/advisories/29800 http://secunia.com/advisories/30581 http://secunia.com/advisories/31372 http://secunia.com/advisories/31393 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.392408 SuSE Security Announcement: SUSE-SR:2008:007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html SuSE Security Announcement: SUSE-SR:2008:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html http://www.ubuntu.com/usn/usn-635-1 http://www.vupen.com/english/advisories/2008/0923 http://www.vupen.com/english/advisories/2008/0985 XForce ISS Database: xinelib-sdpplinparse-bo(41339) https://exchange.xforce.ibmcloud.com/vulnerabilities/41339 Common Vulnerability Exposure (CVE) ID: CVE-2008-3827 BugTraq ID: 31473 http://www.securityfocus.com/bid/31473 Bugtraq: 20080929 [oCERT-2008-013] MPlayer Real demuxer heap overflow (Google Search) http://www.securityfocus.com/archive/1/496806/100/0/threaded Debian Security Information: DSA-1644 (Google Search) http://www.debian.org/security/2008/dsa-1644 http://www.ocert.org/advisories/ocert-2008-013.html http://www.securitytracker.com/id?1020952 http://secunia.com/advisories/32045 http://secunia.com/advisories/32153 http://securityreason.com/securityalert/4326 http://www.vupen.com/english/advisories/2008/2703
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.