Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

openSUSE: 2018:2015-1 Moderate: libopenmpt Memory Issue Fix

opensuse
Calendar Grey July 20, 2018
Dist Opensuse Esm H88
A recent security patch for libopenmpt tackles memory vulnerabilities in openSUSE Leap 15.0. Explore the specifics regarding the resolutions and their potential effects.
An update that fixes two vulnerabilities is now available.

Description

This update for libopenmpt to version 0.3.9 fixes the following issues:

These security issues were fixed:

- CVE-2018-11710: Prevent write near address 0 in out-of-memory situations

when reading AMS files (bsc#1095644)

- CVE-2018-10017: Preven out-of-bounds memory read with IT/ITP/MO3 files

containing pattern loops (bsc#1089080)

These non-security issues were fixed:

- [Bug] openmpt123: Fixed build failure in C++17 due to use of removed

feature std::random_shuffle.

- STM: Having both Bxx and Cxx commands in a pattern imported the Bxx

command incorrectly.

- STM: Last character of sample name was missing.

- Speed up reading of truncated ULT files.

- ULT: Portamento import was sometimes broken.

- The resonant filter was sometimes unstable when combining low-volume

samples, low cutoff and high mixing rates.

- Keep track of active SFx macro during seeking.

- The "note cut" duplicate note action did not volume-ramp the...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate update memory issue out-of-bounds openSUSE libopenmpt

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-742=1

Package List

- openSUSE Leap 15.0 (i586 x86_64):

libmodplug-devel-0.3.9-lp150.2.3.1

libmodplug1-0.3.9-lp150.2.3.1

libmodplug1-debuginfo-0.3.9-lp150.2.3.1

libopenmpt-debugsource-0.3.9-lp150.2.3.1

libopenmpt-devel-0.3.9-lp150.2.3.1

libopenmpt0-0.3.9-lp150.2.3.1

libopenmpt0-debuginfo-0.3.9-lp150.2.3.1

libopenmpt_modplug1-0.3.9-lp150.2.3.1

libopenmpt_modplug1-debuginfo-0.3.9-lp150.2.3.1

openmpt123-0.3.9-lp150.2.3.1

openmpt123-debuginfo-0.3.9-lp150.2.3.1

- openSUSE Leap 15.0 (x86_64):

libmodplug1-32bit-0.3.9-lp150.2.3.1

libmodplug1-32bit-debuginfo-0.3.9-lp150.2.3.1

libopenmpt0-32bit-0.3.9-lp150.2.3.1

libopenmpt0-32bit-debuginfo-0.3.9-lp150.2.3.1

libopenmpt_modplug1-32bit-0.3.9-lp150.2.3.1

libopenmpt_modplug1-32bit-debuginfo-0.3.9-lp150.2.3.1

References

https://www.suse.com/security/cve/CVE-2018-10017.html

https://www.suse.com/security/cve/CVE-2018-11710.html

https://bugzilla.suse.com/1089080

https://bugzilla.suse.com/1095644

--

Announcement ID: openSUSE-SU-2018:2015-1
Rating: moderate
Affected Products: openSUSE Leap 15.0

Topics%20covered

Topics Covered

security advisory moderate update memory issue out-of-bounds openSUSE libopenmpt

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here