Lucene search

K
slackwareSlackware Linux ProjectSSA-2016-034-02
HistoryFeb 04, 2016 - 12:05 a.m.

[slackware-security] MPlayer

2016-02-0400:05:34
Slackware Linux Project
www.slackware.com
19

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.005 Low

EPSS

Percentile

77.2%

New MPlayer packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:

patches/packages/MPlayer-1.2_20160125-i486-1_slack14.1.txz: Upgraded.
This is the latest MPlayer-1.2 branch, identical to the 1.2.1 stable release.
The bundled ffmpeg has been upgraded to 2.8.5, which fixes two security
issues by which a remote attacker may conduct a cross-origin attack and read
arbitrary files on the system.
For more information, see:
https://vulners.com/cve/CVE-2016-1897
https://vulners.com/cve/CVE-2016-1898
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/MPlayer-1.2_20160125-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/MPlayer-1.2_20160125-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/MPlayer-1.2_20160125-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/MPlayer-1.2_20160125-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/MPlayer-1.2_20160125-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/MPlayer-1.2_20160125-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/MPlayer-1.2_20160125-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/MPlayer-1.2_20160125-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/MPlayer-1.2_20160125-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/MPlayer-1.2_20160125-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/MPlayer-1.2_20160125-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/MPlayer-1.2_20160125-x86_64-1.txz

MD5 signatures:

Slackware 13.0 package:
ae6fb26d324d92424d7a2c916ad3db5c MPlayer-1.2_20160125-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
829a450e5e3e210900285362f89d4d20 MPlayer-1.2_20160125-x86_64-1_slack13.0.txz

Slackware 13.1 package:
47180e392294fdc4af5c7bb0b3726bd1 MPlayer-1.2_20160125-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
2b46c4fc104775fda7fb66dc5e4c9fab MPlayer-1.2_20160125-x86_64-1_slack13.1.txz

Slackware 13.37 package:
555698c9f7e19698d11af54c30010420 MPlayer-1.2_20160125-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
e838620fff3b7897c4abf400b7d6cc44 MPlayer-1.2_20160125-x86_64-1_slack13.37.txz

Slackware 14.0 package:
4a553ffaa10ab8449cf57290044710d7 MPlayer-1.2_20160125-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
3af17776a3215a2e29cce431a2d09529 MPlayer-1.2_20160125-x86_64-1_slack14.0.txz

Slackware 14.1 package:
5f3162bcdb712761405a6c12425de3a8 MPlayer-1.2_20160125-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
6877204e82bc69b766956a8e7cc2f8e5 MPlayer-1.2_20160125-x86_64-1_slack14.1.txz

Slackware -current package:
270a1cf094a3175084f99fa13a2de51e xap/MPlayer-1.2_20160125-i586-1.txz

Slackware x86_64 -current package:
c24b4bd9c2c206f58f512cf113ad9d79 xap/MPlayer-1.2_20160125-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg MPlayer-1.2_20160125-i486-1_slack14.1.txz

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.005 Low

EPSS

Percentile

77.2%