• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

MPG123 Layer 2 Frame Header Heap Overflow Vulnerability

Solution:
SuSE Linux has released a security summary report (SUSE-SR:2005:002) that contains fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.

Gentoo has released an advisory to provide updates for this issue. Updates may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=media-sound/mpg123-0.59s-r9"

Mandrake has released an advisory MDKSA-2005:009 to address this issue. Please see the referenced advisory for more information.


mpg123 mpg123 0.59 r

• Mandrake mpg123-0.59r-21.3.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mpg123-0.59r-21.3.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mpg123-0.59r-22.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mpg123-0.59r-22.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mpg123-0.59r-22.2.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mpg123-0.59r-22.2.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mpg123-0.59r-22.2.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php