Paketname
libmodplug
Datum
2011-05-13
Advisory ID
MDVSA-2011:085
Betroffene Versionen
2009.0 x86_64 , 2009.0 i586 , 2010.1 i586 , 2010.1 x86_64

Problembeschreibung

A vulnerability has been found and corrected in libmodplug:

Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in
libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary
code via a crafted S3M file (CVE-2011-1574).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Aktualisierte Pakete

2009.0 x86_64

 9f1a4c783975566870f412d643c6c95a  2009.0/x86_64/lib64modplug0-0.8.4-4.2mdv2009.0.x86_64.rpm
 d68177dc9b55df1900a981947cb32520  2009.0/x86_64/lib64modplug0-devel-0.8.4-4.2mdv2009.0.x86_64.rpm 
 d545599350e7c3e03e1a57896e9f8395  2009.0/SRPMS/libmodplug-0.8.4-4.2mdv2009.0.src.rpm

2009.0 i586

 4a4fa4068429ab84ecce9c552b5bf8a1  2009.0/i586/libmodplug0-0.8.4-4.2mdv2009.0.i586.rpm
 e1616da4215f692214a145339b8ad87c  2009.0/i586/libmodplug0-devel-0.8.4-4.2mdv2009.0.i586.rpm 
 d545599350e7c3e03e1a57896e9f8395  2009.0/SRPMS/libmodplug-0.8.4-4.2mdv2009.0.src.rpm

2010.1 i586

 f0d2a83320ebbe6136516aff859f7ff9  2010.1/i586/libmodplug0-0.8.7-2.1mdv2010.2.i586.rpm
 80cf642dca57641590faa16ce26c7c15  2010.1/i586/libmodplug-devel-0.8.7-2.1mdv2010.2.i586.rpm 
 0ae123ab1adac8845fa829d21d4a6070  2010.1/SRPMS/libmodplug-0.8.7-2.1mdv2010.2.src.rpm

2010.1 x86_64

 05b3baaa1cab19aeb38f7b48364b43fa  2010.1/x86_64/lib64modplug0-0.8.7-2.1mdv2010.2.x86_64.rpm
 2c3e7227f7563cdcb2d9c45e93080181  2010.1/x86_64/lib64modplug-devel-0.8.7-2.1mdv2010.2.x86_64.rpm 
 0ae123ab1adac8845fa829d21d4a6070  2010.1/SRPMS/libmodplug-0.8.7-2.1mdv2010.2.src.rpm

Referenzen