SUSE Security Update: Security update for libmikmod
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:1471-1
Rating: moderate
References: #625547
Cross-References: CVE-2009-3995 CVE-2010-2546
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for libmikmod fixes the following issues:
- CVE-2010-2546: Multiple heap-based buffer overflows in
loaders/load_it.c in libmikmod, might allow remote attackers to execute
arbitrary code via (1) crafted samples or (2) crafted instrument
definitions in an Impulse Tracker file, related to panpts, pitpts, and
IT_ProcessEnvelope. NOTE: some of these details are obtained from
third party information. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2009-3995. (bsc#625547).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-libmikmod-13630=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-libmikmod-13630=1
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
libmikmod-3.1.11a-116.2.3.1
libmikmod-devel-3.1.11a-116.2.3.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
libmikmod-debuginfo-3.1.11a-116.2.3.1
libmikmod-debugsource-3.1.11a-116.2.3.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):
libmikmod-debuginfo-32bit-3.1.11a-116.2.3.1
References:
https://www.suse.com/security/cve/CVE-2009-3995.html
https://www.suse.com/security/cve/CVE-2010-2546.html
https://bugzilla.suse.com/625547
SUSE: 2018:1471-1 moderate: libmikmod
May 30, 2018
An update that fixes two vulnerabilities is now available
Summary
This update for libmikmod fixes the following issues: - CVE-2010-2546: Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995. (bsc#625547). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libmikmod-13630=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libmikmod-13630=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmikmod-3.1.11a-116.2.3.1 libmikmod-devel-3.1.11a-116.2.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmikmod-debuginfo-3.1.11a-116.2.3.1 libmikmod-debugsource-3.1.11a-116.2.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): libmikmod-debuginfo-32bit-3.1.11a-116.2.3.1
References
#625547
Cross- CVE-2009-3995 CVE-2010-2546
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
https://www.suse.com/security/cve/CVE-2009-3995.html
https://www.suse.com/security/cve/CVE-2010-2546.html
https://bugzilla.suse.com/625547
Severity
Announcement ID: SUSE-SU-2018:1471-1
Rating: moderate
News
HOWTOs
Features
About Us
Powered By
