Pardus: 2011-112: libmodplug: Multiple
Posted by Benjamin D. Thomas   
Multiple vulnerabilities have been fixed in libmodplug.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-112           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-09-05
      Type: Local
------------------------------------------------------------------------

Summary
======
Multiple vulnerabilities have been fixed in libmodplug.


Description
==========
CVE-2011-2911:

An integer overflow error  exists  within  the  "CSoundFile::ReadWav()"
function (src/load_wav.cpp) when processing certain WAV files. This can
be exploited to cause a heap-based buffer overflow by tricking  a  user
into opening a specially

crafted WAV file.



CVE-2011-2912:

Boundary   errors within   the    "CSoundFile::ReadS3M()"    function
(src/load_s3m.cpp) when processing S3M files can be exploited to  cause
stack-based buffer overflows by tricking a user into opening a specially
crafted S3M file.



CVE-2011-2913:

An  off-by-one error  within  the   "CSoundFile::ReadAMS()"   function
(src/load_ams.cpp) can be exploited to  cause  a  stack  corruption  by
tricking a user into opening a specially crafted AMS file.



CVE-2011-2914:

An  off-by-one error  within  the   "CSoundFile::ReadDSM()"   function
(src/load_dms.cpp) can be exploited to cause  a  memory  corruption  by
tricking a user into opening a specially crafted DSM file.



CVE-2011-2915:

An  off-by-one error  within  the  "CSoundFile::ReadAMS2()"   function
(src/load_ams.cpp) can be exploited to cause  a  memory  corruption  by
tricking a user into opening a specially crafted AMS file.



Affected packages:

  Pardus 2009:
    libmodplug, all before 0.8.7-7-7
  Pardus 2011:
    libmodplug, all before 0.8.8.1-7


Resolution
=========
There are update(s) for libmodplug. You can  update  them  via  Package
Manager or with a single command from console:

  Pardus 2009:
    pisi up libmodplug

  Pardus 2011:
    pisi up libmodplug


References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id917

------------------------------------------------------------------------