[mplayer] [DSA-1496-1] several buffer overflows

Bug #191488 reported by disabled.user
Affects            Importance   Assigned to
mplayer (Ubuntu)   High         William Grant
Dapper             High         William Grant
Edgy               High         William Grant
Feisty             High         William Grant
Gutsy              High         William Grant
Hardy              High         William Grant

Bug Description

Binary package hint: mplayer

References:
DSA-1496-1 (http://www.debian.org/security/2008/dsa-1496)

Quoting:
"Several buffer overflows have been discovered in the MPlayer movie player,
which might lead to the execution of arbitrary code. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-0485

    Felipe Manzano and Anibal Sacco discovered a buffer overflow in
    the demuxer for MOV files.

CVE-2008-0486

    Reimar Doeffinger discovered a buffer overflow in the FLAC header
    parsing.

CVE-2008-0629

    Adam Bozanich discovered a buffer overflow in the CDDB access code.

CVE-2008-0630

    Adam Bozanich discovered a buffer overflow in URL parsing."

Emanuele Gentili (emgent) wrote :
Changed in mplayer:
status: New → Confirmed
Emanuele Gentili (emgent) wrote :
Changed in mplayer:
importance: Undecided → High
disabled.user (disabled.user-deactivatedaccount) wrote :

MDVSA-2008:045 (http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:045) also lists the following xine-lib issues, which "also affects
MPlayer due to code similarity.":

CVE-2008-0225
CVE-2008-0238

spuk (gustavodn) wrote :

FYI (re CVE-2008-0225 & CVE-2008-0238): svn log -vr 22821 svn://svn.mplayerhq.hu/mplayer/trunk/

William Grant (wgrant) wrote :

spuk: Are you suggesting that's a fix for those two issues?

William Grant (wgrant)
Changed in mplayer:
assignee: nobody → fujitsu
importance: Undecided → High
status: New → In Progress
status: Confirmed → In Progress
spuk (gustavodn) wrote :

Yes.

William Grant (wgrant) wrote :

The patches took a few crowbarrings to fit into Feisty and Gutsy, but they work fine now. Hardy's FTBFS for some unrelated reason. I'm checking the applicability to Dapper and Edgy now.

William Grant (wgrant) wrote :

CVE-2008-0486 doesn't affect dapper, but all of the others do.

Changed in mplayer:
assignee: nobody → fujitsu
importance: Undecided → High
status: New → In Progress
Jamie Strandboge (jdstrand) wrote :

Thanks for the debdiffs. Gutsy's mplayer uses dpatch for patch management. Can you update the gutsy debdiff to use dpatch?

William Grant (wgrant) wrote :

It doesn't really use dpatch for it; it uses bzr. Somebody unrelated to the package decided to add dpatch very late in the cycle, without telling anyone, and without bzr, and we're trying to ignore that mistake. bzr + dpatch == silly.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mplayer - 2:1.0~rc2-0ubuntu9

---------------
mplayer (2:1.0~rc2-0ubuntu9) hardy; urgency=low

  [ Luke Yelavich ]
  * etc/example.conf: Use pulseaudio by default, and fallback to alsa.

  [ William Grant ]
  * SECURITY UPDATE: buffer overruns in CDDB, MOV demuxer, FLAC header parser,
    and URL parser. (LP: #191488)
  * libmpdemux/demux_audio.c, libmpdemux/demux_mov.c, stream/stream_cddb.c,
    stream/url.c: Patches from upstream.
  * References:
    - CVE-2008-0485
    - CVE-2008-0486
    - CVE-2008-0629
    - CVE-2008-0630
  * debian/rules: Unset CFLAGS, to make it build again.

 -- William Grant <email address hidden> Mon, 24 Mar 2008 13:55:38 +1100

Changed in mplayer:
status: In Progress → Fix Released
Changed in mplayer:
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mplayer - 2:1.0~rc1-0ubuntu13.2

---------------
mplayer (2:1.0~rc1-0ubuntu13.2) gutsy-security; urgency=low

  * SECURITY UPDATE: buffer overruns in RMMF, CDDB, MOV demuxer, FLAC header
    parser, and URL parser. (LP: #191488)
  * stream/librtsp/rtsp_session.c, stream/realrtsp/rmff.c,
    stream/realrtsp/rmff.h, libmpdemux/demux_audio.c, libmpdemux/demux_mov.c,
    stream/stream_cddb.c, stream/url.c: Patches from upstream.
  * References:
    - CVE-2008-0225
    - CVE-2008-0238
    - CVE-2008-0485
    - CVE-2008-0486
    - CVE-2008-0629
    - CVE-2008-0630

 -- William Grant <email address hidden> Sat, 08 Mar 2008 21:14:04 +1100

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mplayer - 2:1.0~rc1-0ubuntu9.3

---------------
mplayer (2:1.0~rc1-0ubuntu9.3) feisty-security; urgency=low

  * SECURITY UPDATE: buffer overruns in RMMF, CDDB, MOV demuxer, FLAC header
    parser, and URL parser. (LP: #191488)
  * stream/librtsp/rtsp_session.c, stream/realrtsp/rmff.c,
    stream/realrtsp/rmff.h, libmpdemux/demux_audio.c, libmpdemux/demux_mov.c,
    stream/stream_cddb.c, stream/url.c: Patches from upstream.
  * References:
    - CVE-2008-0225
    - CVE-2008-0238
    - CVE-2008-0485
    - CVE-2008-0486
    - CVE-2008-0629
    - CVE-2008-0630

 -- William Grant <email address hidden> Sat, 08 Mar 2008 21:42:49 +1100

Changed in mplayer:
status: Fix Committed → Fix Released