MGASA-2024-0242 - Updated libopenmpt packages fix security vulnerabilities

Publication date: 28 Jun 2024
URL: https://advisories.mageia.org/MGASA-2024-0242.html
Type: security
Affected Mageia releases: 9

Possible out-of-bounds read or write when reading malformed MED files.
(r19389).
[Null-pointer write (32bit platforms) or excessive memory allocation
(64bit platforms) when reading close to 4GiB of data from unseekable
files (r20336, r20338).
Write buffer overflow when reading unseekable files close to 4GiB in
size (r20339).
[Possible out-of-memory (32bit platforms) or excessive memory allocation
(64bit platforms) when reading malformed data from unseekable files
(r20340).
DMF: Possible null-pointer write or excessive memory allocation when
reading DMF files (r20323).
Potential heap out-of-bounds read or write past sample end with
malformed sustain loops in SymMOD files (r20420).
Potential heap out-of-bounds read with malformed Dynamic Studio DSm
files (r20912).

References:
- https://bugs.mageia.org/show_bug.cgi?id=33333
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVQOQRGG6SYMGVWYOQWZ6D5URKRT4FKC/
- https://lib.openmpt.org/libopenmpt/2023/06/18/security-updates-0.7.2-0.6.11-0.5.25-release-0.4.37/
- https://lib.openmpt.org/libopenmpt/2024/03/17/security-updates-0.7.5-0.6.14-0.5.28-0.4.40/
- https://lib.openmpt.org/libopenmpt/2024/03/24/security-updates-0.7.6-0.6.15-0.5.29-0.4.41/
- https://lib.openmpt.org/libopenmpt/2024/06/09/security-update-0.7.8-releases-0.6.17-0.5.31-0.4.43/

SRPMS:
- 9/core/libopenmpt-0.7.8-1.mga9