MDVSA-2011:085
- Package name
- libmodplug
- Date
- 2011-05-13
- Advisory ID
- MDVSA-2011:085
- Affected versions
- 2009.0 x86_64 , 2009.0 i586 , 2010.1 i586 , 2010.1 x86_64
Problem description
A vulnerability has been found and corrected in libmodplug:
Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in
libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary
code via a crafted S3M file (CVE-2011-1574).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
Updated packages
2009.0 x86_64
9f1a4c783975566870f412d643c6c95a 2009.0/x86_64/lib64modplug0-0.8.4-4.2mdv2009.0.x86_64.rpm d68177dc9b55df1900a981947cb32520 2009.0/x86_64/lib64modplug0-devel-0.8.4-4.2mdv2009.0.x86_64.rpm d545599350e7c3e03e1a57896e9f8395 2009.0/SRPMS/libmodplug-0.8.4-4.2mdv2009.0.src.rpm
2009.0 i586
4a4fa4068429ab84ecce9c552b5bf8a1 2009.0/i586/libmodplug0-0.8.4-4.2mdv2009.0.i586.rpm e1616da4215f692214a145339b8ad87c 2009.0/i586/libmodplug0-devel-0.8.4-4.2mdv2009.0.i586.rpm d545599350e7c3e03e1a57896e9f8395 2009.0/SRPMS/libmodplug-0.8.4-4.2mdv2009.0.src.rpm
2010.1 i586
f0d2a83320ebbe6136516aff859f7ff9 2010.1/i586/libmodplug0-0.8.7-2.1mdv2010.2.i586.rpm 80cf642dca57641590faa16ce26c7c15 2010.1/i586/libmodplug-devel-0.8.7-2.1mdv2010.2.i586.rpm 0ae123ab1adac8845fa829d21d4a6070 2010.1/SRPMS/libmodplug-0.8.7-2.1mdv2010.2.src.rpm
2010.1 x86_64
05b3baaa1cab19aeb38f7b48364b43fa 2010.1/x86_64/lib64modplug0-0.8.7-2.1mdv2010.2.x86_64.rpm 2c3e7227f7563cdcb2d9c45e93080181 2010.1/x86_64/lib64modplug-devel-0.8.7-2.1mdv2010.2.x86_64.rpm 0ae123ab1adac8845fa829d21d4a6070 2010.1/SRPMS/libmodplug-0.8.7-2.1mdv2010.2.src.rpm