Welcome!

Linux Authors: Frank Huerta, Adrian Bridgwater, Pieter Van Heck, Esmeralda Swartz, Gary Kaiser

Related Topics: Virtualization, Linux

Virtualization: Article

Security Alert: Mplayer Users Urged to Upgrade to Latest Version

Security Alert: Mplayer Users Urged to Upgrade to Latest Version

Users of the popular Mplayer media device are being urged to upgrade to the latest version, due to a bug. The vulnerability is in the GUI interface, which contains buffer overflow weak-spots. A skillfully crafted, bogus GUI interface could be used to get the user to play the system, and hence execute arbitrary code.

Vulnerable versions are those before 1.0 pre4. Gentoo Linux suggested updating to a later release. Developers were more cautious and urged users of Mplayers not to use the GUI at all since other similar bugs are likely to be discovered.

In June, one programmer wrote on a developers' e-mail list that there are many buffer overflows in Mplayer. "I would recommend not using the GUI," he wrote. "This code is so nasty and broken that I'm not going to spend my time fixing it... if you want the GUI to work, and don't want to be embarrassed by remote [vulnerabilities] in Mplayer, step up and fix it."

All Mplayers are vulnerable to this problem. A month ago the bug was reported on the Bugtrap security mailing list. A patch was release by the Mplayer project in response that Linux vendors are now using.

More Stories By Security News Desk

SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.