Ubuntu alert USN-8206-1 (libopenmpt)

From:
             
 
noreply+usn-bot@canonical.com
To:
             
 
ubuntu-security-announce@lists.ubuntu.com
Subject:
             
 
[USN-8206-1] OpenMPT vulnerability
Date:
             
 
Thu, 23 Apr 2026 17:09:49 +0000
Message-ID:
             
 
<E1wFxYj-0002NT-OA@lists.ubuntu.com>
==========================================================================
Ubuntu Security Notice USN-8206-1
April 23, 2026

libopenmpt vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

OpenMPT could be made to crash if it received specially crafted input.

Software Description:
- libopenmpt: module music library based on OpenMPT

Details:

Antonio Morales Maldonado discovered that OpenMPT did not properly limit
the length of strings in certain cases, leading to a buffer overflow.
An attacker could possibly use this issue to cause OpenMPT to crash,
resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  libopenmpt-dev                  0.3.6-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  libopenmpt-modplug1             0.3.6-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  libopenmpt0                     0.3.6-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  openmpt123                      0.3.6-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8206-1
  CVE-2019-17113


Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnqUGEACgkQcpJm3tlz
hgHA+w/9GqDclo74JB6c6lpBBvnZxSfgmx5bxDMurIabzX+4nCiHpNCXtIfn+unz
i9FezaGGM/yLRqB77I0DptepQ18ZxOAi8wSV61oW5+WBdiQp2/WpSJW6k+6M/Tki
/VxUT4Zn4+KPeTk3NQ91w0iSioZgG1qo2q5liodONRo7KZ3SURIXRzb1rlE8B+vQ
IL9n1hIeWxWkDkLIkpwSgGoW1RqY/g7EE6WhTroFIHBud5H5/lUdt2kwo4tj0STZ
r5xOSkCPw5EyJaknxnn1NTdifVoyb0FQ7hp5j9hr4vwwbwxgrz4xjMQ+4Zyy2H/L
6AguIgPKh90JT0XJSr4LPgLIQSbBH0jFGxzON4u229spVDRYFyTzKLqdZ/tNvtgq
MH6K5kBxEZyb26DmYeiA4y4AJQai5PNX8+5A3yOcmLylmYICfD7uCm6RZtYJ0nvw
J//hNFdVzTE9bKc6Jqj/CTjGCfhd/PBVGWIpj1kbj7CwURg7tiOYjUEwCNhudkUp
ehPNCeN+PR0Z3BViIQ7lagzN7Irp1c6GJALRdDWB7b6dlcZLRFp9JiZ9vJEqkBJp
c7av5kcjIktxPNxSjLPFiUNGikr7jGYtJzG8aD8L5kKFTDu/M31lqEqysBfxIU3x
gE9NbYbWf2iZiqxw23/I0UY7UPGx9FfiQBgAXcWVDHQLsPYX+0k=
=g/JA
-----END PGP SIGNATURE-----