--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2021-64168929e4
2021-01-14 01:37:01.292546
--------------------------------------------------------------------------------Name        : adplug
Product     : Fedora 33
Version     : 2.3.3
Release     : 1.fc33
URL         : https://adplug.github.io/
Summary     : Software library for AdLib (OPL2/3) emulation
Description :
AdPlug is a free software, cross-platform, hardware independent AdLib
sound player library, mainly written in C++. AdPlug plays sound data,
originally created for the AdLib (OPL2/3) audio board, directly from
its original format on top of an OPL2/3 emulator or by using the real
hardware. No OPL2/3 chips are required for playback.

--------------------------------------------------------------------------------Update Information:

AdPlug 2.3.3 ============    - New RAD player replacing the old one   - Bug
fixes: (huge thanks to Alexander Miller for these)     - CVE-2019-14690 - buffer
overflow in `.bmf`     - CVE-2019-14691 - buffer overflow in `.dtm`     -CVE-2019-14692 - buffer overflow in `.mkj`     - CVE-2019-14732 - buffer
overflow in `.a2m`     - CVE-2019-14733 - buffer overflow in `.rad`     -CVE-2019-14734 - buffer overflow in `.mtk`     - CVE-2019-15151 - double free
and OOB reads in `.u6m`     - OOB reads in `.xad`     - OOB reads in `.rix`
AdPlug 2.3.2 ============    - Bug fixes:     - FMOPL: Fix global variable
pointer double-free (CVE-2018-17825)     - HERAD: Fix compilation on GCC 4.2.1
- ADL: Calling `rewind()` before `update()` causes access violation     - Move
OPL reset/init code to `rewind()` for some players   AdPlug 2.3.1 ===========- Fixed unconditional inclusion of "sys/io.h" on Linux   - Autotools improvement
- Non-recursive Automake, improved parallelizability     - Compatibility fixes
for FreeBSD's pmake and OpenBSD's make     - Out-of-source building   AdPlug 2.3
==========    - Bug fixes:     - CMF: Fix uninitialised variable use (thanks
binarymaster)     - CMF: Handle invalid offsets without crashing     - ROL:
Prevent access beyond end of vector     - MSC: Fix use of uninitialised variable
- HSC: Handle out of range patterns more gracefully     - MID: Fix out of range
array read     - LDS: Use the tempo stored inside the Loudness-File instead of
simply returning 70Hz     - RIX: Fix several replay bugs (thanks to Palxex)
- RIX: Big-endian fix by Wei Mingzhi     - XAD: Tempo fix     - Various other
out of bounds array fixes, timing fixes, etc.   - New formats:     - BMF: Easy
AdLib 1.0     - CMF: SoundFX Macs Opera     - GOT: God of Thunder     -HSQ/SQX/SDB/AGD/HA2: Herbulot AdLib System (HERAD)     - MUS/IMS/MDI: AdLib
Visual Composer ROL derivatives     - SOP: sopepos' Note Player     - VGM: Video
Game Music   - Allow compilation on platforms that don't support real OPL
hardware access   - Add support for compiling on Appveyor and publishing a NuGet
package   - Add Visual Studio 2015 projects   - Add support for Travis CI builds
- Add new CRC16 and CRC32 tests   - Addition of WoodyOPL from DOSBox SVN (thanks
to NY00123)   - Addition of NukedOPL (thanks to loki666 and nukeykt)   - Move
from SourceForge to GitHub   - DRO player refactored (thanks to Laurence Myers
and William Yates)   - Add (mono) OPL3 support to the surround/harmonic-effect
OPL   - Fix occasional random noise in right channel when using surround OPL and
Satoh synth   - Add display for ROL comment and instrument names   - Improve
support for different Westwood ADL format versions   - Improve CMF transpose
support (per-channel now)   - Autotools build environment updated
--------------------------------------------------------------------------------ChangeLog:

* Tue Jan  5 2021 Robert Scheck  - 2.3.3-1
- Upgrade to 2.3.3 (#1743108, #1770224, #1770243, #1770257,
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #1743108 - CVE-2019-15151 adplug: double free in function Cu6mPlayer in u6m.h
        https://bugzilla.redhat.com/show_bug.cgi?id=1743108
  [ 2 ] Bug #1770224 - CVE-2019-14692 adplug: heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp leads to arbitrary code execution
        https://bugzilla.redhat.com/show_bug.cgi?id=1770224
  [ 3 ] Bug #1770243 - CVE-2019-14690 adplug: heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp leads to arbitrary code execution
        https://bugzilla.redhat.com/show_bug.cgi?id=1770243
  [ 4 ] Bug #1770257 - CVE-2019-14691 adplug: heap-based buffer overflow in CdtmLoader::load() in dtm.cpp leads to arbitrary code execution
        https://bugzilla.redhat.com/show_bug.cgi?id=1770257
  [ 5 ] Bug #1778710 - CVE-2019-14734 adplug: multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp
        https://bugzilla.redhat.com/show_bug.cgi?id=1778710
  [ 6 ] Bug #1778716 - CVE-2019-14732 adplug: multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp
        https://bugzilla.redhat.com/show_bug.cgi?id=1778716
  [ 7 ] Bug #1778720 - CVE-2019-14733 adplug: multiple heap-based buffer overflows in CradLoader::load() in rad.cp
        https://bugzilla.redhat.com/show_bug.cgi?id=1778720
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-64168929e4' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Fedora 33: adplug 2021-64168929e4

January 13, 2021
AdPlug 2.3.3 fixes: (huge thanks to Alexander Miller for these) - CVE-2019-14690 - buffer overflow in `.bmf` - CVE-2019-14691 - buffer overflow in `.dtm` - CVE-2019-14692 - b...

Summary

AdPlug is a free software, cross-platform, hardware independent AdLib

sound player library, mainly written in C++. AdPlug plays sound data,

originally created for the AdLib (OPL2/3) audio board, directly from

its original format on top of an OPL2/3 emulator or by using the real

hardware. No OPL2/3 chips are required for playback.

AdPlug 2.3.3 ============ - New RAD player replacing the old one - Bug

fixes: (huge thanks to Alexander Miller for these) - CVE-2019-14690 - buffer

overflow in `.bmf` - CVE-2019-14691 - buffer overflow in `.dtm` -CVE-2019-14692 - buffer overflow in `.mkj` - CVE-2019-14732 - buffer

overflow in `.a2m` - CVE-2019-14733 - buffer overflow in `.rad` -CVE-2019-14734 - buffer overflow in `.mtk` - CVE-2019-15151 - double free

and OOB reads in `.u6m` - OOB reads in `.xad` - OOB reads in `.rix`

AdPlug 2.3.2 ============ - Bug fixes: - FMOPL: Fix global variable

pointer double-free (CVE-2018-17825) - HERAD: Fix compilation on GCC 4.2.1

- ADL: Calling `rewind()` before `update()` causes access violation - Move

OPL reset/init code to `rewind()` for some players AdPlug 2.3.1 ===========- Fixed unconditional inclusion of "sys/io.h" on Linux - Autotools improvement

- Non-recursive Automake, improved parallelizability - Compatibility fixes

for FreeBSD's pmake and OpenBSD's make - Out-of-source building AdPlug 2.3

========== - Bug fixes: - CMF: Fix uninitialised variable use (thanks

binarymaster) - CMF: Handle invalid offsets without crashing - ROL:

Prevent access beyond end of vector - MSC: Fix use of uninitialised variable

- HSC: Handle out of range patterns more gracefully - MID: Fix out of range

array read - LDS: Use the tempo stored inside the Loudness-File instead of

simply returning 70Hz - RIX: Fix several replay bugs (thanks to Palxex)

- RIX: Big-endian fix by Wei Mingzhi - XAD: Tempo fix - Various other

out of bounds array fixes, timing fixes, etc. - New formats: - BMF: Easy

AdLib 1.0 - CMF: SoundFX Macs Opera - GOT: God of Thunder -HSQ/SQX/SDB/AGD/HA2: Herbulot AdLib System (HERAD) - MUS/IMS/MDI: AdLib

Visual Composer ROL derivatives - SOP: sopepos' Note Player - VGM: Video

Game Music - Allow compilation on platforms that don't support real OPL

hardware access - Add support for compiling on Appveyor and publishing a NuGet

package - Add Visual Studio 2015 projects - Add support for Travis CI builds

- Add new CRC16 and CRC32 tests - Addition of WoodyOPL from DOSBox SVN (thanks

to NY00123) - Addition of NukedOPL (thanks to loki666 and nukeykt) - Move

from SourceForge to GitHub - DRO player refactored (thanks to Laurence Myers

and William Yates) - Add (mono) OPL3 support to the surround/harmonic-effect

OPL - Fix occasional random noise in right channel when using surround OPL and

Satoh synth - Add display for ROL comment and instrument names - Improve

support for different Westwood ADL format versions - Improve CMF transpose

support (per-channel now) - Autotools build environment updated

* Tue Jan 5 2021 Robert Scheck - 2.3.3-1

- Upgrade to 2.3.3 (#1743108, #1770224, #1770243, #1770257,

[ 1 ] Bug #1743108 - CVE-2019-15151 adplug: double free in function Cu6mPlayer in u6m.h

https://bugzilla.redhat.com/show_bug.cgi?id=1743108

[ 2 ] Bug #1770224 - CVE-2019-14692 adplug: heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp leads to arbitrary code execution

https://bugzilla.redhat.com/show_bug.cgi?id=1770224

[ 3 ] Bug #1770243 - CVE-2019-14690 adplug: heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp leads to arbitrary code execution

https://bugzilla.redhat.com/show_bug.cgi?id=1770243

[ 4 ] Bug #1770257 - CVE-2019-14691 adplug: heap-based buffer overflow in CdtmLoader::load() in dtm.cpp leads to arbitrary code execution

https://bugzilla.redhat.com/show_bug.cgi?id=1770257

[ 5 ] Bug #1778710 - CVE-2019-14734 adplug: multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp

https://bugzilla.redhat.com/show_bug.cgi?id=1778710

[ 6 ] Bug #1778716 - CVE-2019-14732 adplug: multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp

https://bugzilla.redhat.com/show_bug.cgi?id=1778716

[ 7 ] Bug #1778720 - CVE-2019-14733 adplug: multiple heap-based buffer overflows in CradLoader::load() in rad.cp

https://bugzilla.redhat.com/show_bug.cgi?id=1778720

su -c 'dnf upgrade --advisory FEDORA-2021-64168929e4' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

FEDORA-2021-64168929e4 2021-01-14 01:37:01.292546 Product : Fedora 33 Version : 2.3.3 Release : 1.fc33 URL : https://adplug.github.io/ Summary : Software library for AdLib (OPL2/3) emulation Description : AdPlug is a free software, cross-platform, hardware independent AdLib sound player library, mainly written in C++. AdPlug plays sound data, originally created for the AdLib (OPL2/3) audio board, directly from its original format on top of an OPL2/3 emulator or by using the real hardware. No OPL2/3 chips are required for playback. AdPlug 2.3.3 ============ - New RAD player replacing the old one - Bug fixes: (huge thanks to Alexander Miller for these) - CVE-2019-14690 - buffer overflow in `.bmf` - CVE-2019-14691 - buffer overflow in `.dtm` -CVE-2019-14692 - buffer overflow in `.mkj` - CVE-2019-14732 - buffer overflow in `.a2m` - CVE-2019-14733 - buffer overflow in `.rad` -CVE-2019-14734 - buffer overflow in `.mtk` - CVE-2019-15151 - double free and OOB reads in `.u6m` - OOB reads in `.xad` - OOB reads in `.rix` AdPlug 2.3.2 ============ - Bug fixes: - FMOPL: Fix global variable pointer double-free (CVE-2018-17825) - HERAD: Fix compilation on GCC 4.2.1 - ADL: Calling `rewind()` before `update()` causes access violation - Move OPL reset/init code to `rewind()` for some players AdPlug 2.3.1 ===========- Fixed unconditional inclusion of "sys/io.h" on Linux - Autotools improvement - Non-recursive Automake, improved parallelizability - Compatibility fixes for FreeBSD's pmake and OpenBSD's make - Out-of-source building AdPlug 2.3 ========== - Bug fixes: - CMF: Fix uninitialised variable use (thanks binarymaster) - CMF: Handle invalid offsets without crashing - ROL: Prevent access beyond end of vector - MSC: Fix use of uninitialised variable - HSC: Handle out of range patterns more gracefully - MID: Fix out of range array read - LDS: Use the tempo stored inside the Loudness-File instead of simply returning 70Hz - RIX: Fix several replay bugs (thanks to Palxex) - RIX: Big-endian fix by Wei Mingzhi - XAD: Tempo fix - Various other out of bounds array fixes, timing fixes, etc. - New formats: - BMF: Easy AdLib 1.0 - CMF: SoundFX Macs Opera - GOT: God of Thunder -HSQ/SQX/SDB/AGD/HA2: Herbulot AdLib System (HERAD) - MUS/IMS/MDI: AdLib Visual Composer ROL derivatives - SOP: sopepos' Note Player - VGM: Video Game Music - Allow compilation on platforms that don't support real OPL hardware access - Add support for compiling on Appveyor and publishing a NuGet package - Add Visual Studio 2015 projects - Add support for Travis CI builds - Add new CRC16 and CRC32 tests - Addition of WoodyOPL from DOSBox SVN (thanks to NY00123) - Addition of NukedOPL (thanks to loki666 and nukeykt) - Move from SourceForge to GitHub - DRO player refactored (thanks to Laurence Myers and William Yates) - Add (mono) OPL3 support to the surround/harmonic-effect OPL - Fix occasional random noise in right channel when using surround OPL and Satoh synth - Add display for ROL comment and instrument names - Improve support for different Westwood ADL format versions - Improve CMF transpose support (per-channel now) - Autotools build environment updated * Tue Jan 5 2021 Robert Scheck - 2.3.3-1 - Upgrade to 2.3.3 (#1743108, #1770224, #1770243, #1770257, [ 1 ] Bug #1743108 - CVE-2019-15151 adplug: double free in function Cu6mPlayer in u6m.h https://bugzilla.redhat.com/show_bug.cgi?id=1743108 [ 2 ] Bug #1770224 - CVE-2019-14692 adplug: heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp leads to arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=1770224 [ 3 ] Bug #1770243 - CVE-2019-14690 adplug: heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp leads to arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=1770243 [ 4 ] Bug #1770257 - CVE-2019-14691 adplug: heap-based buffer overflow in CdtmLoader::load() in dtm.cpp leads to arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=1770257 [ 5 ] Bug #1778710 - CVE-2019-14734 adplug: multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1778710 [ 6 ] Bug #1778716 - CVE-2019-14732 adplug: multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1778716 [ 7 ] Bug #1778720 - CVE-2019-14733 adplug: multiple heap-based buffer overflows in CradLoader::load() in rad.cp https://bugzilla.redhat.com/show_bug.cgi?id=1778720 su -c 'dnf upgrade --advisory FEDORA-2021-64168929e4' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Change Log

References

Update Instructions

Severity
Product : Fedora 33
Version : 2.3.3
Release : 1.fc33
URL : https://adplug.github.io/
Summary : Software library for AdLib (OPL2/3) emulation

Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved