MDVSA-2009:272-1
- Package name
- libmikmod
- Date
- 2009-12-05
- Advisory ID
- MDVSA-2009:272-1
- Affected versions
- 2008.0 i586 , 2008.0 x86_64
Problem description
Multiple vulnerabilities has been found and corrected in libmikmod:
libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and
possibly other products, relies on the channel count of the last
loaded song, rather than the currently playing song, for certain
playback calculations, which allows user-assisted attackers to cause
a denial of service (application crash) by loading multiple songs
(aka MOD files) with different numbers of channels (CVE-2007-6720).
libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other
products, allows user-assisted attackers to cause a denial of service
(application crash) by loading an XM file (CVE-2009-0179).
This update fixes these vulnerabilities.
Update:
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
Updated packages
2008.0 i586
3a471dfbdeb20ddc7690fb7989c3a128 2008.0/i586/libmikmod2-3.1.11a-8.1mdv2008.0.i586.rpm 208ec4e453c86fc86d465747ec77e76e 2008.0/i586/libmikmod-devel-3.1.11a-8.1mdv2008.0.i586.rpm 11b8cbef0a3ae2be83e34f6559ebb769 2008.0/SRPMS/libmikmod-3.1.11a-8.1mdv2008.0.src.rpm
2008.0 x86_64
1b9a2ff2c7f0d01782f78b4dd1246bff 2008.0/x86_64/lib64mikmod2-3.1.11a-8.1mdv2008.0.x86_64.rpm b87cfa37b6f63c0cc1bb7988185d181d 2008.0/x86_64/lib64mikmod-devel-3.1.11a-8.1mdv2008.0.x86_64.rpm 11b8cbef0a3ae2be83e34f6559ebb769 2008.0/SRPMS/libmikmod-3.1.11a-8.1mdv2008.0.src.rpm