Bug 181097 - media-video/mplayer{-bin} CDDB Parsing Buffer Overflows (CVE-2007-2948)
Summary: media-video/mplayer{-bin} CDDB Parsing Buffer Overflows (CVE-2007-2948)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/24302/
Whiteboard: B2 [glsa]
Keywords:
Depends on: 182923
Blocks:
Reported: 2007-06-06 15:51 UTC by Lars Hartmann
Modified: 2007-07-24 23:11 UTC

See Also:
Package list:
Runtime testing required: ---
Description Lars Hartmann 2007-06-06 15:51:35 UTC
Secunia Research has discovered some vulnerabilities in MPlayer, which can be exploited by malicious people to compromise a user's system.

1) A boundary error within the "cddb_query_parse()" function in stream/stream_cddb.c when parsing album titles can be exploited to cause a stack-based buffer overflow by tricking a user into parsing malicious CDDB entries via overly long album titles.

Successful exploitation allows execution of arbitrary code.

2) Boundary errors within the "cddb_parse_matches_list()" and "cddb_read_parse()" functions in stream/stream_cddb.c when parsing album and category titles can be exploited to cause stack-based buffer overflows by tricking a user into parsing malicious CDDB entries via overly long album or category titles.

Successful exploitation allows execution of arbitrary code, but may require that the user connects to a malicious server.

The vulnerabilities are confirmed in version 1.0rc1. Other versions may also be affected.

Solution:
Apply patch:
http://svn.mplayerhq.hu/mplayer/trunk...=23287&r2=23470&diff_format=u

Provided and/or discovered by:
1) Stefan Cornelius, Secunia Research
2) Stefan Cornelius, Secunia Research and Reimar Döffinger

Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2007-55/

Reproducible: Always
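The three overflows above share one root cause: a server-supplied category or album title is copied into a fixed-size stack buffer without a length check. As an added illustration of the bug class (this is not MPlayer's code and not the patch linked in the advisory), the following C parser handles a CDDB match line in the constructed form `<code> <category> <discid> <title>` and rejects any field that does not fit its buffer instead of writing past it. The buffer sizes, the struct, and the function names are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>

/* Hypothetical fixed-size record, standing in for the kind of stack buffers a
 * CDDB client keeps for one match. Sizes are assumptions, not MPlayer's. */
#define CDDB_CATEGORY_LEN 32
#define CDDB_DISCID_LEN   9   /* 8 hex digits + NUL */
#define CDDB_TITLE_LEN    64

struct cddb_match {
    char category[CDDB_CATEGORY_LEN];
    char discid[CDDB_DISCID_LEN];
    char title[CDDB_TITLE_LEN];
};

/* The unsafe pattern behind this bug class: an unbounded conversion into a
 * fixed buffer, so a title longer than the buffer overwrites the stack frame.
 * Shown as a comment only; the parser below is the bounded replacement.
 *
 *   char category[32], discid[9], title[64];
 *   sscanf(line, "%d %s %s %[^\n]", &code, category, discid, title);
 */

/* Copy one whitespace-delimited token (or, with rest_of_line set, everything
 * up to end of line) into dst, refusing anything that does not fit including
 * the terminating NUL. Returns bytes consumed, or -1 if the field is empty or
 * too long. Rejecting rather than truncating keeps the record unambiguous. */
static int copy_field(const char *src, char *dst, size_t dst_len, int rest_of_line)
{
    size_t n = 0;
    while (src[n] != '\0' && src[n] != '\n' && src[n] != '\r' &&
           (rest_of_line || !isspace((unsigned char)src[n])))
        n++;
    if (n == 0 || n >= dst_len)
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return (int)n;
}

/* Parse a "<code> <category> <discid> <title>" match line.
 * Returns 0 on success, -1 on malformed or oversized input. */
int parse_cddb_match_line(const char *line, struct cddb_match *out)
{
    const char *p = line;
    char *end;
    long code = strtol(p, &end, 10);
    if (end == p || code < 200 || code > 299)
        return -1;                       /* not a success response line */
    p = end;
    while (*p == ' ') p++;

    int n = copy_field(p, out->category, sizeof out->category, 0);
    if (n < 0) return -1;
    p += n;
    while (*p == ' ') p++;

    n = copy_field(p, out->discid, sizeof out->discid, 0);
    if (n < 0) return -1;
    if (strlen(out->discid) != 8) return -1;          /* disc id: exactly 8 hex digits */
    for (int i = 0; i < 8; i++)
        if (!isxdigit((unsigned char)out->discid[i])) return -1;
    p += n;
    while (*p == ' ') p++;

    n = copy_field(p, out->title, sizeof out->title, 1);
    if (n < 0) return -1;
    return 0;
}

/* Constructed input: a title far longer than the title buffer, as a
 * malicious server could send. Returns the parser's verdict. */
int parse_overlong_title_example(void)
{
    char line[512];
    struct cddb_match m;
    strcpy(line, "200 rock deadbeef ");
    memset(line + strlen(line), 'A', 300);
    line[18 + 300] = '\0';
    return parse_cddb_match_line(line, &m);
}

int main(void)
{
    struct cddb_match m;
    /* Constructed benign line. */
    if (parse_cddb_match_line("200 rock deadbeef Some Title\r\n", &m) == 0)
        printf("ok: %s / %s / %s\n", m.category, m.discid, m.title);
    printf("overlong title -> %d\n", parse_overlong_title_example());
    return 0;
}
```

The point to take from the example is that the bound is checked against the destination size before any byte is copied, so the length of what the server sends has no influence on what the client's stack frame looks like; the same check belongs on every field a server controls, which is exactly the set the advisory lists (album title, category).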
Comment 1 Lars Hartmann 2007-06-06 15:55:47 UTC
maintainers - please advise and bump as necessary
Comment 2 Lars Hartmann 2007-06-15 18:21:35 UTC
maintainers - please advise and bump as necessary
Comment 3 Steve Dibb (RETIRED) gentoo-dev 2007-06-22 15:27:40 UTC
mplayer-1.0.20070622 in tree
Comment 4 Lars Hartmann 2007-06-23 06:37:35 UTC
thanks maintainers for providing that ebuild

arches please test and mark stable target keywords are:
media-video/mplayer-1.0.20070622:KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Comment 5 Simon Cooper 2007-06-23 10:12:28 UTC
AMD64: 

emerges ok (USE="3dnow 3dnowext X a52 aac alsa cddb cdparanoia dts dvb dvd dvdread encode gif gtk iconv jpeg lirc mad mmx mmxext mp3 openal opengl png rtc sdl srt sse sse2 truetype unicode v4l v4l2 vorbis x264 xv -aalib (-altivec) -amrnb -amrwb -arts -bidi -bindist -bl -cpudetection -custom-cflags -debug -dga -directfb -doc -dv -dvdnav -enca -esd -fbcon -ftp -ggi -ipv6 -ivtv -jack -joystick -libcaca -live -livecd -lzo -md5sum -mp2 -musepack -nas -oss -pnm -quicktime -radio -rar -real -samba -speex (-svga) -tga -theora -tivo (-vidix) (-win32codecs) -xanim -xinerama -xvid -xvmc -zoran" VIDEO_CARDS="-mga -s3virge -tdfx -vesa")

no collisions

warnings during emerge:

 * Make install completed
cp: cannot stat `/var/tmp/portage/media-video/mplayer-1.0.20070622/image//Gui/mplayer/pixmaps/logo.xpm': No such file or directory
>>> Completed installing mplayer-1.0.20070622 into /var/tmp/portage/media-video/mplayer-1.0.20070622/image/

ecompressdir: bzip2 -9 usr/share/man

 * QA Notice: Package has poor programming practices which may compile
 *            fine but exhibit random runtime failures.
 * asxparser.c:564: warning: dereferencing type-punned pointer will break strict-aliasing rules
...loads more errors of the same for different files

 * QA Notice: Package has poor programming practices which may compile
 *            fine but exhibit random runtime failures.
 * interface.c:655: warning: implicit declaration of function 'vcd_seek_to_track'
...similar errors with different functions

 * QA Notice: Package has poor programming practices which may compile
 *            fine but exhibit random runtime failures.
 * vf_qp.c:91: warning: incompatible implicit declaration of built-in function 'lrintf'
Comment 6 Markus Rothe (RETIRED) gentoo-dev 2007-06-23 10:44:31 UTC
ppc64 stable
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2007-06-23 17:38:53 UTC
Marked stable for HPPA:
 media-libs/amrnb-6.1.0.3
 media-libs/amrwb-7.0.0.0
 media-video/mplayer-1.0.20070622
Comment 8 Christoph Mende (RETIRED) gentoo-dev 2007-06-23 18:23:13 UTC
amd64 done, thanks Simon
Comment 9 Harlan Lieberman-Berg (RETIRED) gentoo-dev 2007-06-24 02:57:15 UTC
Marked this bug as blocked by 183013 - mplayer fails compile.
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2007-06-24 22:04:59 UTC
alpha/ia64 stable
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2007-06-25 18:38:08 UTC
x86 stable
Comment 12 Gustavo Zacarias (RETIRED) gentoo-dev 2007-06-25 20:48:15 UTC
20070622 sparc stable.
Was -r1 intended to go stable? Because x86 did it.
Comment 13 Steve Dibb (RETIRED) gentoo-dev 2007-06-26 13:27:25 UTC
(In reply to comment #12)
> 20070622 sparc stable.
> Was -r1 intended to go stable? Because x86 did it.
> 

Minor changes, either one should be fine.  I marked -r1 stable on amd64.
Comment 14 Tobias Scherbaum (RETIRED) gentoo-dev 2007-06-28 19:39:33 UTC
ppc stable
Comment 15 Lars Hartmann 2007-07-04 06:47:15 UTC
arches please test and mark stable target keywords are:
media-video/mplayer-1.0.20070622-r1:KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Comment 16 Gustavo Zacarias (RETIRED) gentoo-dev 2007-07-04 12:50:58 UTC
Lars: why? As steve said -r1 isn't related to this security bug so you shouldn't have called for stabling here and just adds up to confusion...
Comment 17 Jeroen Roovers (RETIRED) gentoo-dev 2007-07-04 19:16:19 UTC
(In reply to comment #16)
> Lars: why?

+1
Comment 18 Raúl Porcel (RETIRED) gentoo-dev 2007-07-05 11:50:58 UTC
alpha/ia64 stable
Comment 19 Markus Rothe (RETIRED) gentoo-dev 2007-07-05 19:52:48 UTC
ppc64 stable
Comment 20 Lars Hartmann 2007-07-08 22:12:24 UTC
this bug is ready for glsa decision
Comment 21 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-07-24 23:11:29 UTC
B2 always implies a GLSA.

GLSA 200707-07, thanks everybody