Mandrake Linux Security Advisory : mpg123 (MDKSA-2004:120)
Critical Nessus Plugin ID 15600
Synopsis
The remote Mandrake Linux host is missing a security update.
Description
Carlos Barros discovered two buffer overflow vulnerabilities in mpg123; the first in the getauthfromURL() function and the second in the http_open() function. These vulnerabilities could be exploited to possibly execute arbitrary code with the privileges of the user running mpg123.
The provided packages are patched to fix these issues, and additional boundary checks that were lacking have also been included (thanks to the Gentoo Linux Sound Team for these additional fixes).
Solution
Update the affected mpg123 package.