List: oss-security
Subject: [oss-security] WANTED: mikmod patches
From: Thomas Biege <thomas () suse ! de>
Date: 2010-02-22 13:16:58
Message-ID: 201002221416.59018.thomas () suse ! de
Hello,
does somebody have a pointer to the patches for CVE-2009-3996
and CVE-2009-3995?
The last release from upstream was 2+ yrs old.
These IDs are from a Secunia advisory about mikmod:
..
======================================================================
3) Vendor's Description of Software
"Mikmod is a module player and library supporting many formats,
including mod, s3m, it, and xm.".
Product Link:
http://sourceforge.net/projects/mikmod/
======================================================================
4) Description of Vulnerability
Secunia Research has discovered some vulnerabilities in libmikmod,
which can be exploited by malicious people to potentially compromise a
user's system.
1) Three boundary errors in the Impulse Tracker parser when parsing
an instrument containing a column, panning, or pitch envelope with
more than ENVPOINTS (32) points can result in a heap-based buffer
overflow.
2) A boundary error in the Ultratracker parser when parsing a file
with more than UF_MAXCHAN (64) channels can result in a heap-based
buffer overflow.
Successful exploitation may allow arbitrary code execution in the
context of the process using the libmikmod library when opening a
specially crafted module file.
--
Thomas Biege <thomas@suse.de>, SUSE LINUX, Security Support & Auditing
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
Whoever stops wanting to become better stops being good.
-- Marie von Ebner-Eschenbach
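
The boundary errors in the quoted advisory come down to a count read from the file being used to fill a fixed-size array. The following is an added example, not part of the original message and not libmikmod code: the record layout, the types and `parse_envelope` are hypothetical, and only the limit ENVPOINTS (32) comes from the advisory. The same check applies to a channel count against UF_MAXCHAN (64).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ENVPOINTS 32   /* capacity named in the advisory */

/* Hypothetical in-memory types, not libmikmod's own definitions. */
typedef struct { uint16_t pos; int16_t val; } env_point;
typedef struct { uint8_t flags; uint8_t pts; env_point env[ENVPOINTS]; } envelope;

/* Constructed layout: flags(1) count(1), then count * { val(1) pos(2, LE) }.
 * Returns 0 on success, -1 if truncated or count exceeds ENVPOINTS. */
int parse_envelope(const uint8_t *buf, size_t len, envelope *out)
{
    if (len < 2)
        return -1;
    uint8_t count = buf[1];

    /* The count byte is untrusted (0..255): reject it before any write. */
    if (count > ENVPOINTS)
        return -1;
    /* The declared points must actually be present in the input. */
    if ((len - 2) / 3 < count)
        return -1;

    out->flags = buf[0];
    out->pts = count;
    for (size_t i = 0; i < count; i++) {
        const uint8_t *p = buf + 2 + i * 3;
        out->env[i].val = (int8_t)p[0];
        out->env[i].pos = (uint16_t)(p[1] | (p[2] << 8));
    }
    return 0;
}

/* Constructed sample records, not taken from any real module file. */
static const uint8_t sample_ok[] = { 0x01, 2, 10, 0x00, 0x00, 20, 0x10, 0x00 };
static const uint8_t sample_oversize[2 + 3 * 33] = { 0x01, 33 }; /* 33 > 32 */
static envelope sample_env;

int main(void)
{
    printf("ok: %d\n", parse_envelope(sample_ok, sizeof sample_ok, &sample_env));
    printf("oversize: %d\n", parse_envelope(sample_oversize, sizeof sample_oversize, &sample_env));
    return 0;
}
```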