Pardus: Libmikmod: Denial of Service
Posted by Benjamin D. Thomas   
Some vulnerabilities have been reported in libmikmod, which can be exploited by malicious people to cause a DoS (Denial of Service).

------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-12            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2009-01-23
  Severity: 2
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Some vulnerabilities have been reported in libmikmod, which can be
exploited by malicious people to cause a DoS (Denial of Service).


Description
===========



1) The library uses a global variable to keep track of the number of
channels. This can be exploited to crash an application using the
library, e.g. by loading a module with more channels than the currently
playing module.

2) An error when processing the header of certain XM files can be
exploited to crash an application using the library via a specially
crafted XM file.
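
Item 1 above, as an added example that is not part of the Pardus advisory and not libmikmod source: a simplified C model in which a loader overwrites a global channel count while another module is still playing. The names module_t, g_numchn, module_load, tick_global and tick_fixed, and the 64-channel cap, are assumptions made for illustration; the flawed loop counts the out-of-range indices instead of dereferencing them.

```c
/* Simplified model, not libmikmod source; all names are hypothetical. */
#include <stdlib.h>

typedef struct {
    int  numchn;   /* channels declared by this module */
    int *voice;    /* per-channel state, numchn entries */
} module_t;

static int g_numchn;   /* flawed design: one count shared by all modules */

module_t *module_load(int numchn)
{
    if (numchn < 1 || numchn > 64)      /* arbitrary cap for this model */
        return NULL;
    module_t *m = malloc(sizeof *m);
    if (!m) return NULL;
    m->voice = calloc((size_t)numchn, sizeof *m->voice);
    if (!m->voice) { free(m); return NULL; }
    m->numchn = numchn;
    g_numchn  = numchn;                 /* overwritten by every load */
    return m;
}

void module_free(module_t *m)
{
    if (m) { free(m->voice); free(m); }
}

/* Flawed tick: the loop bound is the global. Returns how many indices fall
 * outside playing->voice; the real bug would read or write there. */
int tick_global(module_t *playing)
{
    int oob = 0;
    for (int ch = 0; ch < g_numchn; ch++) {
        if (ch >= playing->numchn)
            oob++;                      /* out-of-bounds access in the bug */
        else
            playing->voice[ch]++;
    }
    return oob;
}

/* Corrected tick: the bound travels with the module being played. */
int tick_fixed(module_t *playing)
{
    for (int ch = 0; ch < playing->numchn; ch++)
        playing->voice[ch]++;
    return playing->numchn;             /* channels actually processed */
}
```

Loading a 4-channel module, then an 8-channel one, makes tick_global report four out-of-range indices for the first module, while tick_fixed stays within its allocation.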


Affected packages:

  Pardus 2008:
    libmikmod, all before 3.1.11-6-3


Resolution
==========

An update is available for libmikmod. You can install it via Package
Manager or with a single command from the console:

    pisi up libmikmod

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=9036
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0179
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6720
  * http://secunia.com/Advisories/33485/