Language Selection

English French German Italian Portuguese Spanish

Security Flaws Found in Mplayer and Elm

Filed under
Security

Two serious security flaws have turned up in software widely distributed with Linux and Unix. The bugs affect Electronic Mail for Unix (Elm), a venerable e-mail client still used by many Linux and Unix systems administrators, and Mplayer, a cross-platform movie player that is one of the most popular of its kind on Linux.

The Elm flaw involves a boundary error when the client reads an e-mail's "Expires" header. A specially crafted e-mail could exploit the bug to cause a buffer overflow and execute malicious code on a system, according to security researchers.

The bug in Mplayer is the latest media-player bug to plague systems administrators. Widely used desktop applications such as media players are more difficult to patch than server-side bugs, because there are many times more copies in use, often without the knowledge of IT managers.

The flaw affects Mplayer versions 1.0pre7 and earlier and hasn't been patched, according to an advisory from FrSIRT.

Full Story.

More in Tux Machines

Games and Emulation

Linux Devices

Koozali SME Server 8.2 Reaches End of Life on March 31, Upgrade to Koozali SME 9

Koozali Foundation, through Terry Fage, announced the availability of a final set of updates for the Koozali SME Server 8.2 operating system, which will reach end of life this week. Patching some of the reported bugs, the new packages released today for Koozali SME Server 8.2 are e-smith-ibays-2.2.0-16.el5.sme.noarch.rpm, e-smith-manager-2.2.0-14.el5.sme.noarch.rpm, smeserver-clamav-2.2.0-15.el5.sme.noarch.rpm, smeserver-locale-*-2.2.0-56.el5.sme.noarch.rpm, and smeserver-yum-2.2.0-26.el5.sme.noarch.rpm. Read more

Development News

  • GCC for New Contributors
    I’m a relative newcomer to GCC, so I thought it was worth documenting some of the hurdles I ran into when I started working on GCC, to try to make it easier for others to start hacking on GCC. Hence this guide.
  • #1: Easy Package Registration
    Last month, Brian Ripley announced on r-devel that registration of routines would now be tested for by R CMD check in r-devel (which by next month will become R 3.4.0). A NOTE will be issued now, this will presumably turn into a WARNING at some point. Writing R Extensions has an updated introduction) of the topic.
  • Emacs as C IDE and JHBuild
    Although Builder clearly is The Future as GNOME IDE, I still all my coding in Emacs, mostly because I have been using it for such a long time that my brain is to all the shortcuts and workflows. But Emacs can be a good IDE too. The most obvious everyday features that I want from an IDE are good source code navigation and active assistance while editing. In the first category are tasks like jumping to symbol's definition, find all callers of a function and such things. For editing, auto-completion, immediate warnings and error reporting, semantic-aware re-factoring are a must. Specifically for GNOME related development, I need all this to also work with JHBuild.