MPG123 Remote URL Open Buffer Overflow Vulnerability

MPG123 Remote URL Open Buffer Overflow Vulnerability

Solution:
SuSE Linux has released a security summary report (SUSE-SR:2005:002) that contains fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.

Gentoo Linux has released an advisory (GLSA 200410-27) dealing with this issue. Gentoo advises that all mpg123 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/mpg123-0.59s-r5"

For more information, please see the referenced Gentoo Linux advisory.

Debian Linux has released advisory DSA 578-1 along with fixes dealing with this issue. Please see the referenced advisory for more information.

Mandrake Linux has released advisory MDKSA-2004:120 along with fixes dealing with this and other issues. Please see the referenced advisory for more information.

mpg123 mpg123 pre0.59s

mpg123 mpg123 0.59 r

Debian mpg123-esd_0.59r-13woody4_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0 .59r-13woody4_alpha.deb

Debian mpg123-esd_0.59r-13woody4_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0 .59r-13woody4_i386.deb

Debian mpg123-esd_0.59r-13woody4_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0 .59r-13woody4_powerpc.deb

Debian mpg123-nas_0.59r-13woody4_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-nas_0 .59r-13woody4_i386.deb

Debian mpg123-oss-3dnow_0.59r-13woody4_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-3 dnow_0.59r-13woody4_i386.deb

Debian mpg123-oss-i486_0.59r-13woody4_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-i 486_0.59r-13woody4_i386.deb

Debian mpg123_0.59r-13woody4_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -13woody4_alpha.deb

Debian mpg123_0.59r-13woody4_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -13woody4_arm.deb

Debian mpg123_0.59r-13woody4_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -13woody4_hppa.deb

Debian mpg123_0.59r-13woody4_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -13woody4_i386.deb

Debian mpg123_0.59r-13woody4_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -13woody4_m68k.deb

Debian mpg123_0.59r-13woody4_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -13woody4_powerpc.deb

Debian mpg123_0.59r-13woody4_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -13woody4_sparc.deb

Mandrake mpg123-0.59r-21.2.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake mpg123-0.59r-21.2.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake mpg123-0.59r-22.1.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake mpg123-0.59r-22.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake mpg123-0.59r-22.1.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake mpg123-0.59r-22.1.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php