
UNIRAS Brief - 272/06 - Four Mandriva Linux Security Advisories:



-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 272/06 dated 10.04.06  Time: 14:25  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Four Mandriva Linux Security Advisories:

1. MDKSA-2006:065 - Updated kaffeine packages fix remote buffer overflow vulnerability

2. MDKSA-2006:066 - Updated FreeRADIUS packages fix off-by-one overflow vulnerability

3. MDKSA-2006:067 - Updated clamav packages fix vulnerabilities

4. MDKSA-2006:068 - Updated mplayer packages fix integer overflow vulnerabilities

Detail
====== 

1.  Marcus Meissner discovered Kaffeine contains an unchecked buffer while
 creating HTTP request headers for fetching remote RAM playlists, which
 allows overflowing a heap allocated buffer. As a result, remotely
 supplied RAM playlists can be used to execute arbitrary code on the
 client machine.

2.  Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 
 might allow remote attackers to cause a denial of service (crash) and 
 possibly execute arbitrary code by causing the external database query to fail. 

3.  Damian Put discovered an integer overflow in the PE header parser in
 ClamAV that could be exploited if the ArchiveMaxFileSize option was
 disabled (CVE-2006-1614).

4.  Multiple integer overflows in MPlayer 1.0pre7try2 allow remote
 attackers to cause a denial of service and trigger heap-based buffer
 overflows via (1) a certain ASF file handled by asfheader.c that causes
 the asf_descrambling function to be passed a negative integer after the
 conversion from a char to an int or (2) an AVI file with a crafted
 wLongsPerEntry or nEntriesInUse value in the indx chunk, which is
 handled in aviheader.c.



1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:065
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kaffeine
 Date    : April 5, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 Marcus Meissner discovered Kaffeine contains an unchecked buffer while
 creating HTTP request headers for fetching remote RAM playlists, which
 allows overflowing a heap allocated buffer. As a result, remotely
 supplied RAM playlists can be used to execute arbitrary code on the
 client machine.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0051
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 221dc2b4b5a7c83d2071c076ee3493ec  2006.0/RPMS/kaffeine-0.7-6.1.20060mdk.i586.rpm
 2c7e274246e1dc740f8697c0f210925d  2006.0/RPMS/libkaffeine0-0.7-6.1.20060mdk.i586.rpm
 9b5bb05954386af7505784a955243b25  2006.0/RPMS/libkaffeine0-devel-0.7-6.1.20060mdk.i586.rpm
 7b313e26ca91b6f306b28be4fb9f5aa2  2006.0/SRPMS/kaffeine-0.7-6.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 8f4271cab6ec4670ed8e76d6c1711ec9  x86_64/2006.0/RPMS/kaffeine-0.7-6.1.20060mdk.x86_64.rpm
 fadb3df8afb1d523946fa59298287185  x86_64/2006.0/RPMS/lib64kaffeine0-0.7-6.1.20060mdk.x86_64.rpm
 6ed84efb236fb8e0aeccb42bbb00b57b  x86_64/2006.0/RPMS/lib64kaffeine0-devel-0.7-6.1.20060mdk.x86_64.rpm
 7b313e26ca91b6f306b28be4fb9f5aa2  x86_64/2006.0/SRPMS/kaffeine-0.7-6.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEM9h0mqjQ0CJFipgRAmkFAJ9UlKXHZ8geXu9clxUPI1JzokKcqgCfenWD
IKy9b4oDlt49DTdaFSX8b1A=
=o2Jq
- -----END PGP SIGNATURE-----



2.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:066
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : freeradius
 Date    : April 5, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 
 might allow remote attackers to cause a denial of service (crash) and 
 possibly execute arbitrary code by causing the external database query to fail. 
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4744
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 dbf792c05499b1b0f483e2628e4e3a0c  2006.0/RPMS/freeradius-1.0.4-2.2.20060mdk.i586.rpm
 20a499885c152171b4ecf72617301e86  2006.0/RPMS/libfreeradius1-1.0.4-2.2.20060mdk.i586.rpm
 eb639a959447585207f47499a92a81b6  2006.0/RPMS/libfreeradius1-devel-1.0.4-2.2.20060mdk.i586.rpm
 a37aecd75fec4406a1d944aea926b63b  2006.0/RPMS/libfreeradius1-krb5-1.0.4-2.2.20060mdk.i586.rpm
 e5e6c92fdce5c10a999d462dc96f20b3  2006.0/RPMS/libfreeradius1-ldap-1.0.4-2.2.20060mdk.i586.rpm
 ec0beb94a0016f0da9764fe833a1a41b  2006.0/RPMS/libfreeradius1-mysql-1.0.4-2.2.20060mdk.i586.rpm
 d5fec5ff3bd6053851e8dbcfddefe535  2006.0/RPMS/libfreeradius1-postgresql-1.0.4-2.2.20060mdk.i586.rpm
 f18a3cdc2cd4b0e3f7d7ceb84cdc34be  2006.0/RPMS/libfreeradius1-unixODBC-1.0.4-2.2.20060mdk.i586.rpm
 750de7e23906aa4f6bbc6a8ed6da295b  2006.0/SRPMS/freeradius-1.0.4-2.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 f75f0826766c30532fbcbbd27ffeccc8  x86_64/2006.0/RPMS/freeradius-1.0.4-2.2.20060mdk.x86_64.rpm
 4310dba6f4752ae7b27d15fe0af2a402  x86_64/2006.0/RPMS/lib64freeradius1-1.0.4-2.2.20060mdk.x86_64.rpm
 547dbae3b463e33982ad319c65384a8a  x86_64/2006.0/RPMS/lib64freeradius1-devel-1.0.4-2.2.20060mdk.x86_64.rpm
 1fa46e4c163c05bed1a8544f02881782  x86_64/2006.0/RPMS/lib64freeradius1-krb5-1.0.4-2.2.20060mdk.x86_64.rpm
 941a65dbf633ce8c27d8177f1e92bcc8  x86_64/2006.0/RPMS/lib64freeradius1-ldap-1.0.4-2.2.20060mdk.x86_64.rpm
 524fa1fd942ba855bcc0ca61f809c0df  x86_64/2006.0/RPMS/lib64freeradius1-mysql-1.0.4-2.2.20060mdk.x86_64.rpm
 401ef07bb964c66a600f4c2d36ba8a55  x86_64/2006.0/RPMS/lib64freeradius1-postgresql-1.0.4-2.2.20060mdk.x86_64.rpm
 d35f0af7da3f4df1ff3d05bcae31244c  x86_64/2006.0/RPMS/lib64freeradius1-unixODBC-1.0.4-2.2.20060mdk.x86_64.rpm
 750de7e23906aa4f6bbc6a8ed6da295b  x86_64/2006.0/SRPMS/freeradius-1.0.4-2.2.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFENCwEmqjQ0CJFipgRAuPTAJ9FWccQDpjy/26zJJNUDEK7+riKzACfQqD8
krtp8GgCoZ+TdrKKXvoC6E8=
=RRZg
- -----END PGP SIGNATURE-----



3.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:067
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : clamav
 Date    : April 7, 2006
 Affected: 10.2, 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Damian Put discovered an integer overflow in the PE header parser in
 ClamAV that could be exploited if the ArchiveMaxFileSize option was
 disabled (CVE-2006-1614).
 
 Format strings in the logging code could possibly lead to the execution
 of arbitrary code (CVE-2006-1615).
 
 David Luyer found that ClamAV could be tricked into an invalid memory
 access in the cli_bitset_set() function, which could lead to a Denial
 of Service (CVE-2006-1630).
 
 This update provides ClamAV 0.88.1, which corrects these issues and also
 fixes some other bugs.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1614
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1615
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1630
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.2:
 78af90cdd26037ecc4753cc223ef1b46  10.2/RPMS/clamav-0.88.1-0.1.102mdk.i586.rpm
 386742ea0d3fa49e7d4116c883632c40  10.2/RPMS/clamav-db-0.88.1-0.1.102mdk.i586.rpm
 162bac111e036526638c9556404f84ef  10.2/RPMS/clamav-milter-0.88.1-0.1.102mdk.i586.rpm
 790cae6bca4f206d0d41ccdc9aab4172  10.2/RPMS/clamd-0.88.1-0.1.102mdk.i586.rpm
 f4ec987f6de8dbe0fa0a370a8513576c  10.2/RPMS/libclamav1-0.88.1-0.1.102mdk.i586.rpm
 4cf47fde81840efb4c17e24181587fad  10.2/RPMS/libclamav1-devel-0.88.1-0.1.102mdk.i586.rpm
 4ae4f91cb63670f018c84644685708d1  10.2/SRPMS/clamav-0.88.1-0.1.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 d67ab22811cc7329d889fd2953ff98e4  x86_64/10.2/RPMS/clamav-0.88.1-0.1.102mdk.x86_64.rpm
 1750f5d9e63d9e37a170114cee64fe7f  x86_64/10.2/RPMS/clamav-db-0.88.1-0.1.102mdk.x86_64.rpm
 28310e3fb5eba18cb1312591ee94b747  x86_64/10.2/RPMS/clamav-milter-0.88.1-0.1.102mdk.x86_64.rpm
 afa8503930c109873deb561d0bf19637  x86_64/10.2/RPMS/clamd-0.88.1-0.1.102mdk.x86_64.rpm
 90b6e2108b96abc940309dbdf277c15b  x86_64/10.2/RPMS/lib64clamav1-0.88.1-0.1.102mdk.x86_64.rpm
 53b7e0d8aa707a2679121c1ee3e3a68d  x86_64/10.2/RPMS/lib64clamav1-devel-0.88.1-0.1.102mdk.x86_64.rpm
 4ae4f91cb63670f018c84644685708d1  x86_64/10.2/SRPMS/clamav-0.88.1-0.1.102mdk.src.rpm

 Mandriva Linux 2006.0:
 604deb9acc669892e83889e21003da72  2006.0/RPMS/clamav-0.88.1-0.1.20060mdk.i586.rpm
 130c0cd5592f794dff01c816da87a22c  2006.0/RPMS/clamav-db-0.88.1-0.1.20060mdk.i586.rpm
 c70b05eb926c8de70e8c61404ffe878d  2006.0/RPMS/clamav-milter-0.88.1-0.1.20060mdk.i586.rpm
 744662b01972ca7d4e8cf319778f5e70  2006.0/RPMS/clamd-0.88.1-0.1.20060mdk.i586.rpm
 b33e83e43cf31b1cf8b01d4ae0140cb6  2006.0/RPMS/libclamav1-0.88.1-0.1.20060mdk.i586.rpm
 494e3c588012bb49c7539379a1ed7d04  2006.0/RPMS/libclamav1-devel-0.88.1-0.1.20060mdk.i586.rpm
 ee0dad2e6693a49018772d523b31caf7  2006.0/SRPMS/clamav-0.88.1-0.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 9ed21b8dfaf3cc0e97642c01a60cb77e  x86_64/2006.0/RPMS/clamav-0.88.1-0.1.20060mdk.x86_64.rpm
 6c9774f949aa4d6543fe73465fa18fd3  x86_64/2006.0/RPMS/clamav-db-0.88.1-0.1.20060mdk.x86_64.rpm
 7da7ff8ca78611296e2a9deeb13f3c21  x86_64/2006.0/RPMS/clamav-milter-0.88.1-0.1.20060mdk.x86_64.rpm
 0cdd6ea74f17fb4179d86005a0ee74a0  x86_64/2006.0/RPMS/clamd-0.88.1-0.1.20060mdk.x86_64.rpm
 e029708922271f57d28fb04fbfbc670e  x86_64/2006.0/RPMS/lib64clamav1-0.88.1-0.1.20060mdk.x86_64.rpm
 0c6075c66b0fc5aa791d661e4b356f7e  x86_64/2006.0/RPMS/lib64clamav1-devel-0.88.1-0.1.20060mdk.x86_64.rpm
 ee0dad2e6693a49018772d523b31caf7  x86_64/2006.0/SRPMS/clamav-0.88.1-0.1.20060mdk.src.rpm

 Corporate 3.0:
 338f4fde8dc1b3c025a0aafe7e3f1d16  corporate/3.0/RPMS/clamav-0.88.1-0.1.C30mdk.i586.rpm
 0b103f86de58322decb7eab357ae8303  corporate/3.0/RPMS/clamav-db-0.88.1-0.1.C30mdk.i586.rpm
 872ff963443a695f7339925e17751fb4  corporate/3.0/RPMS/clamav-milter-0.88.1-0.1.C30mdk.i586.rpm
 4398815889ab571ef8a88aaa1cd96d0c  corporate/3.0/RPMS/clamd-0.88.1-0.1.C30mdk.i586.rpm
 422f5145947d02532671885b115a6ef6  corporate/3.0/RPMS/libclamav1-0.88.1-0.1.C30mdk.i586.rpm
 8b14d93a15408fb129c66d1395c3595c  corporate/3.0/RPMS/libclamav1-devel-0.88.1-0.1.C30mdk.i586.rpm
 ad723ef00c23c3b8c36be5aee40abb15  corporate/3.0/SRPMS/clamav-0.88.1-0.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 01fd41e817e1d96789b1b9dc43cbd760  x86_64/corporate/3.0/RPMS/clamav-0.88.1-0.1.C30mdk.x86_64.rpm
 434648110ef5603f85049ae02e44b7e4  x86_64/corporate/3.0/RPMS/clamav-db-0.88.1-0.1.C30mdk.x86_64.rpm
 10a1d45e5d53d170112b1698fcdb66ba  x86_64/corporate/3.0/RPMS/clamav-milter-0.88.1-0.1.C30mdk.x86_64.rpm
 c1f38d2e0d753997b096c5e0fbf4f575  x86_64/corporate/3.0/RPMS/clamd-0.88.1-0.1.C30mdk.x86_64.rpm
 b1bd0032ab359f4a25b48675df76e1be  x86_64/corporate/3.0/RPMS/lib64clamav1-0.88.1-0.1.C30mdk.x86_64.rpm
 bc9dfa91d651edaf6957def3c502ec21  x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.88.1-0.1.C30mdk.x86_64.rpm
 ad723ef00c23c3b8c36be5aee40abb15  x86_64/corporate/3.0/SRPMS/clamav-0.88.1-0.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFENquymqjQ0CJFipgRAv1PAKDWy48nobAGlEt7Zy8IYnosPSt52ACgj2jv
itI9Qf3vHSG+ead8P1Sjzvc=
=Nzey
- -----END PGP SIGNATURE-----



4.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:068
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : mplayer
 Date    : April 7, 2006
 Affected: 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Multiple integer overflows in MPlayer 1.0pre7try2 allow remote
 attackers to cause a denial of service and trigger heap-based buffer
 overflows via (1) a certain ASF file handled by asfheader.c that causes
 the asf_descrambling function to be passed a negative integer after the
 conversion from a char to an int or (2) an AVI file with a crafted
 wLongsPerEntry or nEntriesInUse value in the indx chunk, which is
 handled in aviheader.c.
 
 The updated packages have been patched to prevent this problem.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1502
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 03c437640874758ea658eff341005320  2006.0/RPMS/libdha1.0-1.0-1.pre7.12.3.20060mdk.i586.rpm
 a2b8e4aabaafd0c884eb659f6cd0feaf  2006.0/RPMS/libpostproc0-1.0-1.pre7.12.3.20060mdk.i586.rpm
 d1676891039ac155896170842f97ed40  2006.0/RPMS/libpostproc0-devel-1.0-1.pre7.12.3.20060mdk.i586.rpm
 28fca9318c85691868955113a8c7808b  2006.0/RPMS/mencoder-1.0-1.pre7.12.3.20060mdk.i586.rpm
 7c16c92c8ed358e216dacab0b018278b  2006.0/RPMS/mplayer-1.0-1.pre7.12.3.20060mdk.i586.rpm
 5a3ff20ed2086148e600d0f1a88e1ef2  2006.0/RPMS/mplayer-gui-1.0-1.pre7.12.3.20060mdk.i586.rpm
 b427ac400ce812c26d4a72b9fb0dd20c  2006.0/SRPMS/mplayer-1.0-1.pre7.12.3.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 e0e4cfa862c584978ed8ac02f2be19a0  x86_64/2006.0/RPMS/lib64postproc0-1.0-1.pre7.12.3.20060mdk.x86_64.rpm
 a12a7da30ba364ded2558b17ce961ca9  x86_64/2006.0/RPMS/lib64postproc0-devel-1.0-1.pre7.12.3.20060mdk.x86_64.rpm
 a0716acb06f3473646a6077f8fb0684c  x86_64/2006.0/RPMS/mencoder-1.0-1.pre7.12.3.20060mdk.x86_64.rpm
 2e1e0b7cd6ce8c13f80d4de208550268  x86_64/2006.0/RPMS/mplayer-1.0-1.pre7.12.3.20060mdk.x86_64.rpm
 74e8472e651326cf569f912c76548a80  x86_64/2006.0/RPMS/mplayer-gui-1.0-1.pre7.12.3.20060mdk.x86_64.rpm
 b427ac400ce812c26d4a72b9fb0dd20c  x86_64/2006.0/SRPMS/mplayer-1.0-1.pre7.12.3.20060mdk.src.rpm

 Corporate 3.0:
 e96a39ec87ce97b97a3ccc10b7ea80cc  corporate/3.0/RPMS/libdha0.1-1.0-0.pre3.14.7.C30mdk.i586.rpm
 6466d0a2b2a01ddf3bb4d25f477e8fb6  corporate/3.0/RPMS/libpostproc0-1.0-0.pre3.14.7.C30mdk.i586.rpm
 ac89e6c99a5f83217bf0633661d035e1  corporate/3.0/RPMS/libpostproc0-devel-1.0-0.pre3.14.7.C30mdk.i586.rpm
 301733fd13558987b64c3404cbe992d6  corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.7.C30mdk.i586.rpm
 ff5e64d0353c5047711b71a472816b20  corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.7.C30mdk.i586.rpm
 92337dd6b2c24822e0473a9f89680163  corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.7.C30mdk.i586.rpm
 70e6a51230bf28e9215b0036f3290d55  corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.7.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 7d84b489e9df376ef008a309f0da66c7  x86_64/corporate/3.0/RPMS/lib64postproc0-1.0-0.pre3.14.7.C30mdk.x86_64.rpm
 f9003ffa5f6b32b6d677208d71bebf11  x86_64/corporate/3.0/RPMS/lib64postproc0-devel-1.0-0.pre3.14.7.C30mdk.x86_64.rpm
 5363a56acd413b4e93f22897eaf38c2b  x86_64/corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.7.C30mdk.x86_64.rpm
 1c493d2eddd5cc94b1d32cdc52f16ca1  x86_64/corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.7.C30mdk.x86_64.rpm
 b58a53a83e69fc98a739c447272c2174  x86_64/corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.7.C30mdk.x86_64.rpm
 70e6a51230bf28e9215b0036f3290d55  x86_64/corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.7.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFENrGJmqjQ0CJFipgRAsfYAKDZQDuekBTFG7PkVGgkxcb0mUoq2QCff87M
R3mkFIQc01Y93nlu56TQ/wo=
=RwtP
- -----END PGP SIGNATURE-----
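
The two integer-handling failure classes named in MDKSA-2006:068, shown beside checked forms. This is an added illustration, not MPlayer code and not part of the original advisory: only wLongsPerEntry and nEntriesInUse come from the advisory text, while the function names, the 4-byte size of one "long" and the bytes_left bound are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Case (1): a header byte widened to int.
 * Read as a signed char, any value >= 0x80 sign-extends to a negative
 * int, which a later length or stride calculation then trusts. */
int param_from_byte_signed(const unsigned char *p)
{
    return *(const signed char *)p;          /* 0xC8 becomes -56 */
}

/* Read as unsigned, the same byte stays in the range 0..255. */
int param_from_byte_unsigned(const unsigned char *p)
{
    return *p;                               /* 0xC8 stays 200 */
}

/* Case (2): index size computed from two file-controlled fields.
 * The product is evaluated in 32 bits and silently wraps, so the
 * buffer can be far smaller than the entry count used to fill it. */
uint32_t indx_bytes_unchecked(uint16_t wLongsPerEntry, uint32_t nEntriesInUse)
{
    return nEntriesInUse * wLongsPerEntry * 4u;   /* assumed 4-byte longs */
}

/* Checked form: widen before multiplying (the maximum product is below
 * 2^50, so 64 bits cannot wrap), then require the index to fit in the
 * bytes that actually remain in the chunk. Returns 0 and stores the
 * size on success, -1 if the fields are inconsistent with the file. */
int indx_bytes_checked(uint16_t wLongsPerEntry, uint32_t nEntriesInUse,
                       uint32_t bytes_left, size_t *out)
{
    uint64_t need = (uint64_t)nEntriesInUse * wLongsPerEntry * 4u;

    if (need > bytes_left)
        return -1;
    *out = (size_t)need;
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from any real file. */
    unsigned char hdr_byte = 0xC8;
    uint32_t entries = 0x40000001u;
    size_t sz = 0;

    printf("signed read:   %d\n", param_from_byte_signed(&hdr_byte));
    printf("unsigned read: %d\n", param_from_byte_unsigned(&hdr_byte));
    printf("unchecked size for %u entries: %u bytes\n",
           (unsigned)entries, (unsigned)indx_bytes_unchecked(1, entries));
    printf("checked result: %d\n",
           indx_bytes_checked(1, entries, 4096, &sz));
    return 0;
}
```
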



- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone. Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Mandriva for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the site of the
original source to ensure that you receive the most current information concerning 
that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQCVAwUBRDpb0Ipao72zK539AQH4qgP/dhsEwrtC631o8PaR4Mu2UxQearaKkUUC
HpCesdwZ9CpKa0ExbuKXNve5UqJZc5+IqUJI6NETniS3nf0kIPBMTXF8QRWDtV+E
JsTCpw/gVq58txcIikF52x+FjWpe2aiVzzKJhBoLlXB8evoMj9VNYblLPWcECCuP
gYSU4PoDV8o=
=lH/l
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________