Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

openSUSE 11.4: 2011:0943-1 Important: Libmodplug Critical Updates

opensuse
Calendar Grey August 24, 2011
Dist Opensuse Esm H88
Key announcement from openSUSE regarding significant security threats in libmodplug, featuring essential patches and upgraded versions.
An update that fixes 6 vulnerabilities is now available

Description

This update of libmodplug0 fixes the following issues:

1) An integer overflow error exists within the

"CSoundFile::ReadWav()" function (src/load_wav.cpp) when

processing certain WAV files. This can be exploited to

cause a heap-based buffer overflow by tricking a user into

opening a specially crafted WAV file. (CVE-2011-2911)

2) Boundary errors within the "CSoundFile::ReadS3M()"

function (src/load_s3m.cpp) when processing S3M files can

be exploited to cause stack-based buffer overflows by

tricking a user into opening a specially crafted S3M file.

(CVE-2011-2912)

3) An off-by-one error within the "CSoundFile::ReadAMS()"

function (src/load_ams.cpp) can be exploited to cause a

stack corruption by tricking a user into opening a

specially crafted AMS file. (CVE-2011-2913)

4) An off-by-one error within the "CSoundFile::ReadDSM()"

function (src/load_dms.cpp) can be exploited to cause a

memory corruption by tricking a user into...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory buffer overflow memory corruption multiple fixes important update libmodplug openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch libmodplug-5004

- openSUSE 11.3:

zypper in -t patch libmodplug-5004

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 11.4 (i586 x86_64) [New Version: 0.8.8.4]:

libmodplug-devel-0.8.8.4-2.2.1

libmodplug0-0.8.8.4-2.2.1

- openSUSE 11.4 (x86_64) [New Version: 0.8.8.4]:

libmodplug0-32bit-0.8.8.4-2.2.1

- openSUSE 11.3 (i586 x86_64) [New Version: 0.8.8.4]:

libmodplug-devel-0.8.8.4-2.2.1

libmodplug0-0.8.8.4-2.2.1

- openSUSE 11.3 (x86_64) [New Version: 0.8.8.4]:

libmodplug0-32bit-0.8.8.4-2.2.1

References

https://www.suse.com/security/cve/CVE-2011-1761.html

https://www.suse.com/security/cve/CVE-2011-2911.html

https://www.suse.com/security/cve/CVE-2011-2912.html

https://www.suse.com/security/cve/CVE-2011-2913.html

https://www.suse.com/security/cve/CVE-2011-2914.html

https://www.suse.com/security/cve/CVE-2011-2915.html

https://extlogin.opentext.com/nidp/idff/sso?RequestID=idlfSL_HbAXhDjoTH3QzuSUS9wnO4&MajorVersion=1&MinorVersion=2&IssueInstant=2025-12-11T00%3A21%3A50Z&ProviderID=https%3A%2F%2Fwww.microfocus.com%3A443%2Fnesp%2Fidff%2Fmetadata&RelayState=MA%3D%3D&consent=urn%3Aliberty%3Aconsent%3Aunavailable&agAppNa=bugzilla&ForceAuthn=false&IsPassive=false&NameIDPolicy=onetime&ProtocolProfile=http%3A%2F%2Fprojectliberty.org%2Fprofiles%2Fbrws-art&target=https%3A%2F%2Fwww.microfocus.com%2FLAGBroker%3F%2522https%3A%2F%2Fbugzilla.novell.com%2F710726%2522&AuthnContextStatementRef=novell%2Fname%2Fpassword%2Furi

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2011:0943-1
Rating: important
Affected Products: openSUSE 11.4 openSUSE 11.3 . It includes one version update.

Topics%20covered

Topics Covered

security advisory buffer overflow memory corruption multiple fixes important update libmodplug openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here