Gentoo Security Advisory GLSA 200403-13 (mplayer) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200403-13.

Solution

MPlayer may be upgraded as follows: x86 and SPARC users should: # emerge sync # emerge -pv '>=media-video/mplayer-0.92-r1' # emerge '>=media-video/mplayer-0.92-r1' AMD64 users should: # emerge sync # emerge -pv '>=media-video/mplayer-1.0_pre2-r1' # emerge '>=media-video/mplayer-1.0_pre2-r1' PPC users should: # emerge sync # emerge -pv '>=media-video/mplayer-1.0_pre3-r2' # emerge '>=media-video/mplayer-1.0_pre3-r2' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200403-13 http://bugs.gentoo.org/show_bug.cgi?id=46246 http://www.mplayerhq.hu/homepage/design6/news.html

Insight

MPlayer contains a remotely exploitable buffer overflow in the HTTP parser that may allow attackers to run arbitrary code on a user's computer.

Severity

Classification

CVE CVE-2004-0386

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Gentoo Security Advisory GLSA 200405-12 (cvs)
Gentoo Security Advisory GLSA 200312-04 (CVS)
Gentoo Security Advisory GLSA 200408-19 (courier-imap)
Gentoo Security Advisory GLSA 200408-01 (MPlayer)
Gentoo Security Advisory GLSA 200402-06 (Kernel)

Take action and discover your vulnerabilities