LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Pardus alert 2011-112 (libmodplug)



From:
    	      Meltem Parmaksız <meltem@pardus.org.tr> 


To:
    	      pardus-security@pardus.org.tr 


Subject:
    	      [Pardus-security] [PLSA 2011-112] libmodplug: Multiple
	Vulnerabilities 


Date:
    	      Mon, 5 Sep 2011 14:55:36 +0300


Message-ID:
    	      <201109051455.36673.meltem@pardus.org.tr>


Archive-link:
    	      Article, Thread
              


------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-112           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-09-05
      Type: Local
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in libmodplug. 


Description
===========

CVE-2011-2911: 

An integer overflow error  exists  within  the  "CSoundFile::ReadWav()" 
function (src/load_wav.cpp) when processing certain WAV files. This can 
be exploited to cause a heap-based buffer overflow by tricking  a  user 
into opening a specially 

crafted WAV file. 



CVE-2011-2912: 

Boundary   errors within   the    "CSoundFile::ReadS3M()"    function   
(src/load_s3m.cpp) when processing S3M files can be exploited to  cause 
stack-based buffer overflows by tricking a user into opening a specially
crafted S3M file. 



CVE-2011-2913: 

An  off-by-one error  within  the   "CSoundFile::ReadAMS()"   function  
(src/load_ams.cpp) can be exploited to  cause  a  stack  corruption  by 
tricking a user into opening a specially crafted AMS file. 



CVE-2011-2914: 

An  off-by-one error  within  the   "CSoundFile::ReadDSM()"   function  
(src/load_dms.cpp) can be exploited to cause  a  memory  corruption  by 
tricking a user into opening a specially crafted DSM file. 



CVE-2011-2915: 

An  off-by-one error  within  the  "CSoundFile::ReadAMS2()"   function  
(src/load_ams.cpp) can be exploited to cause  a  memory  corruption  by 
tricking a user into opening a specially crafted AMS file. 



Affected packages:

  Pardus 2009:
    libmodplug, all before 0.8.7-7-7
  Pardus 2011:
    libmodplug, all before 0.8.8.1-7


Resolution
==========

There are update(s) for libmodplug. You can  update  them  via  Package 
Manager or with a single command from console: 

  Pardus 2009:
    pisi up libmodplug

  Pardus 2011:
    pisi up libmodplug


References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=18917

------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds