Nom du paquet
libmikmod
Date
2009-12-05
Advisory ID
MDVSA-2009:272-1
Affected versions
2008.0 i586 , 2008.0 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in libmikmod:

libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and
possibly other products, relies on the channel count of the last
loaded song, rather than the currently playing song, for certain
playback calculations, which allows user-assisted attackers to cause
a denial of service (application crash) by loading multiple songs
(aka MOD files) with different numbers of channels (CVE-2007-6720).

libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other
products, allows user-assisted attackers to cause a denial of service
(application crash) by loading an XM file (CVE-2009-0179).

This update fixes these vulnerabilities.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 3a471dfbdeb20ddc7690fb7989c3a128  2008.0/i586/libmikmod2-3.1.11a-8.1mdv2008.0.i586.rpm
 208ec4e453c86fc86d465747ec77e76e  2008.0/i586/libmikmod-devel-3.1.11a-8.1mdv2008.0.i586.rpm 
 11b8cbef0a3ae2be83e34f6559ebb769  2008.0/SRPMS/libmikmod-3.1.11a-8.1mdv2008.0.src.rpm

2008.0 x86_64

 1b9a2ff2c7f0d01782f78b4dd1246bff  2008.0/x86_64/lib64mikmod2-3.1.11a-8.1mdv2008.0.x86_64.rpm
 b87cfa37b6f63c0cc1bb7988185d181d  2008.0/x86_64/lib64mikmod-devel-3.1.11a-8.1mdv2008.0.x86_64.rpm 
 11b8cbef0a3ae2be83e34f6559ebb769  2008.0/SRPMS/libmikmod-3.1.11a-8.1mdv2008.0.src.rpm

References