LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 19th, 2014
Linux Advisory Watch: December 12th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: 2010:151: libmikmod Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A vulnerability has been discovered and corrected in libmikmod: Multiple heap-based buffer overflows might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file (CVE-2009-3995). [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:151
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libmikmod
 Date    : August 16, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in libmikmod:
 
 Multiple heap-based buffer overflows might allow remote attackers
 to execute arbitrary code via (1) crafted samples or (2) crafted
 instrument definitions in an Impulse Tracker file (CVE-2009-3995).
 
 Packages for 2008.0 and 2009.0 are provided as of the Extended
 Maintenance Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3995
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3996
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2546
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2971
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 3239adc6a61914a960c8bb07ebab58d2  2008.0/i586/libmikmod2-3.1.11a-8.2mdv2008.0.i586.rpm
 4a88081c44652b1abbb2168bad46fc17  2008.0/i586/libmikmod-devel-3.1.11a-8.2mdv2008.0.i586.rpm 
 ecdb3414bb5ff4fde670f2983432fe92  2008.0/SRPMS/libmikmod-3.1.11a-8.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 41d721fc0ade6181626d66527e08260f  2008.0/x86_64/lib64mikmod2-3.1.11a-8.2mdv2008.0.x86_64.rpm
 b9af3c6d02828c7c36f2d47275142a01  2008.0/x86_64/lib64mikmod-devel-3.1.11a-8.2mdv2008.0.x86_64.rpm 
 ecdb3414bb5ff4fde670f2983432fe92  2008.0/SRPMS/libmikmod-3.1.11a-8.2mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 0c32865a362e5949549bd0597f1c3288  2009.0/i586/libmikmod3-3.2.0-0.beta2.2.2mdv2009.0.i586.rpm
 1f0c55a841c82430a4a455b9c0fd185f  2009.0/i586/libmikmod-devel-3.2.0-0.beta2.2.2mdv2009.0.i586.rpm 
 3b736a5f6560c844e05d797772240ff8  2009.0/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 da510127c478758616146f2069b013ca  2009.0/x86_64/lib64mikmod3-3.2.0-0.beta2.2.2mdv2009.0.x86_64.rpm
 ce57822efa45f0e36aa1d79f7cc75763  2009.0/x86_64/lib64mikmod-devel-3.2.0-0.beta2.2.2mdv2009.0.x86_64.rpm 
 3b736a5f6560c844e05d797772240ff8  2009.0/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 1987e95ad4486d0d70a5cb3f15462815  2009.1/i586/libmikmod3-3.2.0-0.beta2.3.1mdv2009.1.i586.rpm
 7c1d6e99214eca60d5e1b27d742557ac  2009.1/i586/libmikmod-devel-3.2.0-0.beta2.3.1mdv2009.1.i586.rpm 
 2cf8f0a1794e134bad1f0510a4d4b255  2009.1/SRPMS/libmikmod-3.2.0-0.beta2.3.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 06d66faa37c282dbee789de65dc5b246  2009.1/x86_64/lib64mikmod3-3.2.0-0.beta2.3.1mdv2009.1.x86_64.rpm
 5940b272dda3c628bbf27799e43db079  2009.1/x86_64/lib64mikmod-devel-3.2.0-0.beta2.3.1mdv2009.1.x86_64.rpm 
 2cf8f0a1794e134bad1f0510a4d4b255  2009.1/SRPMS/libmikmod-3.2.0-0.beta2.3.1mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 754014cea8f3645395151dc2b7a4cc58  2010.0/i586/libmikmod3-3.2.0-0.beta2.6.1mdv2010.0.i586.rpm
 cd1e7fca287c53499d973478c7813a6f  2010.0/i586/libmikmod-devel-3.2.0-0.beta2.6.1mdv2010.0.i586.rpm 
 9db426850551cd0d47d49dce62bddf29  2010.0/SRPMS/libmikmod-3.2.0-0.beta2.6.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 477871f309a92d2912811fb31fea0943  2010.0/x86_64/lib64mikmod3-3.2.0-0.beta2.6.1mdv2010.0.x86_64.rpm
 4c02e2863a04a2201233ce6f0822fbb5  2010.0/x86_64/lib64mikmod-devel-3.2.0-0.beta2.6.1mdv2010.0.x86_64.rpm 
 9db426850551cd0d47d49dce62bddf29  2010.0/SRPMS/libmikmod-3.2.0-0.beta2.6.1mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 5dc9e3bcb87870d04daaeea37c1c7c90  2010.1/i586/libmikmod3-3.2.0-0.beta2.7.1mdv2010.1.i586.rpm
 30fd5e1c50381c01c621c67f83e46c53  2010.1/i586/libmikmod-devel-3.2.0-0.beta2.7.1mdv2010.1.i586.rpm 
 a8e35035a0439a36aed7acb4c6cd8c66  2010.1/SRPMS/libmikmod-3.2.0-0.beta2.7.1mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 c642403d884dcd4aef507757d7688b4a  2010.1/x86_64/lib64mikmod3-3.2.0-0.beta2.7.1mdv2010.1.x86_64.rpm
 b64cda55aeb0450fea2ad3af07fece31  2010.1/x86_64/lib64mikmod-devel-3.2.0-0.beta2.7.1mdv2010.1.x86_64.rpm 
 a8e35035a0439a36aed7acb4c6cd8c66  2010.1/SRPMS/libmikmod-3.2.0-0.beta2.7.1mdv2010.1.src.rpm

 Mandriva Enterprise Server 5:
 6798c40fffe0cec1532ed4ea2470b041  mes5/i586/libmikmod3-3.2.0-0.beta2.2.2mdvmes5.1.i586.rpm
 2b4f452bcfcd7ccbc1f9eea217b3e8ed  mes5/i586/libmikmod-devel-3.2.0-0.beta2.2.2mdvmes5.1.i586.rpm 
 18ee204b5ffc212d4fb027b912a75c0b  mes5/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 5e4fb9c93420186fc60c96e38b9ea412  mes5/x86_64/lib64mikmod3-3.2.0-0.beta2.2.2mdvmes5.1.x86_64.rpm
 e285e5b3413fe8f0de6b71caa903c8f9  mes5/x86_64/lib64mikmod-devel-3.2.0-0.beta2.2.2mdvmes5.1.x86_64.rpm 
 18ee204b5ffc212d4fb027b912a75c0b  mes5/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.