Test Kennung:	1.3.6.1.4.1.25623.1.0.69665
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Security Advisory MDVSA-2011:089 (mplayer)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to mplayer announced via advisory MDVSA-2011:089. Multiple vulnerabilities have been identified and fixed in mplayer: FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. (CVE-2009-4636) flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. (CVE-2010-3429) libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. (CVE-2010-4704) Fix heap corruption crashes (CVE-2011-0722) Fix invalid reads in VC-1 decoding (CVE-2011-0723) And several additional vulnerabilites originally discovered by Google Chrome developers were also fixed with this advisory. The updated packages have been patched to correct these issues. Affected: 2010.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:089 Risk factor : High CVSS Score: 6.8
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4636 BugTraq ID: 36465 http://www.securityfocus.com/bid/36465 Debian Security Information: DSA-2000 (Google Search) http://www.debian.org/security/2010/dsa-2000 http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 http://www.mandriva.com/security/advisories?name=MDVSA-2011:062 http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 http://www.mandriva.com/security/advisories?name=MDVSA-2011:089 http://www.mandriva.com/security/advisories?name=MDVSA-2011:112 http://www.mandriva.com/security/advisories?name=MDVSA-2011:114 http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 http://secunia.com/advisories/36805 http://secunia.com/advisories/38643 http://www.vupen.com/english/advisories/2011/1241 Common Vulnerability Exposure (CVE) ID: CVE-2010-3429 Bugtraq: 20100928 [oCERT-2010-004] FFmpeg/libavcodec arbitrary offset dereference (Google Search) http://www.securityfocus.com/archive/1/514009/100/0/threaded Debian Security Information: DSA-2165 (Google Search) http://www.debian.org/security/2011/dsa-2165 http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 http://www.ocert.org/advisories/ocert-2010-004.html http://www.openwall.com/lists/oss-security/2010/09/28/4 http://secunia.com/advisories/41626 http://secunia.com/advisories/43323 http://www.ubuntu.com/usn/usn-1104-1/ http://www.vupen.com/english/advisories/2010/2517 http://www.vupen.com/english/advisories/2010/2518 Common Vulnerability Exposure (CVE) ID: CVE-2010-4704 BugTraq ID: 46294 http://www.securityfocus.com/bid/46294 Debian Security Information: DSA-2306 (Google Search) http://www.debian.org/security/2011/dsa-2306 Common Vulnerability Exposure (CVE) ID: CVE-2011-0722 BugTraq ID: 47149 http://www.securityfocus.com/bid/47149 Common Vulnerability Exposure (CVE) ID: CVE-2011-0723 BugTraq ID: 47151 http://www.securityfocus.com/bid/47151 http://ffmpeg.mplayerhq.hu/
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.