==========================================================Ubuntu Security Notice USN-995-1         September 29, 2010
libmikmod vulnerabilities
CVE-2007-6720, CVE-2009-0179, CVE-2009-3995, CVE-2009-3996,
CVE-2010-2546, CVE-2010-2971
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libmikmod2                      3.1.11-6ubuntu3.8.04.1

Ubuntu 9.04:
  libmikmod2                      3.1.11-6ubuntu3.9.04.1

Ubuntu 9.10:
  libmikmod2                      3.1.11-6ubuntu4.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that libMikMod incorrectly handled songs with different
channel counts. If a user were tricked into opening a crafted song file,
an attacker could cause a denial of service. (CVE-2007-6720)

It was discovered that libMikMod incorrectly handled certain malformed XM
files. If a user were tricked into opening a crafted XM file, an attacker
could cause a denial of service. (CVE-2009-0179)

It was discovered that libMikMod incorrectly handled certain malformed
Impulse Tracker files. If a user were tricked into opening a crafted
Impulse Tracker file, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2009-3995, CVE-2010-2546, CVE-2010-2971)

It was discovered that libMikMod incorrectly handled certain malformed
Ultratracker files. If a user were tricked into opening a crafted
Ultratracker file, an attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-3996)


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

          Size/MD5:   339148 88b89686ec91f5173c6dd8b80ce8e64e
          Size/MD5:      730 9d56dccce0535ee3c48ca642da04705a
          Size/MD5:   611590 705106da305e8de191549f1e7393185c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   266550 9200823b863117753bac8a1aae63c2ca
          Size/MD5:   155628 cff0d15986f092c78cda7bb3a657e1f6

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   244016 27453dd915f85ccd7dba0710ecab4acc
          Size/MD5:   146476 b67d8d50c02001e45eb618d51f4329a1

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   248392 706f9438583e4364b4265ec8d8543bc4
          Size/MD5:   148608 5c727d7e661e44044017cb7bd6ab3402

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   285392 c4ebd492d87451cc2979554da7e6fa34
          Size/MD5:   173928 e45de26f887292b7482eca418459e60c

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   258120 702fbd120d05a9f1d645f85ec45ea211
          Size/MD5:   148446 029492bfe2015986538e1f141ab51f93

Updated packages for Ubuntu 9.04:

  Source archives:

          Size/MD5:   338916 a771044f7ddf578a1618e1667effd243
          Size/MD5:     1150 031a6ed819b4e9f59dc4614f42f91109
          Size/MD5:   611590 705106da305e8de191549f1e7393185c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   265286 5189d1d5a185819b8f0a3860fd3ecc2b
          Size/MD5:   156988 f76e952924eceebdde01d9671f96b9b9

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   244312 00502a3a984d2b40bffdf46d016caa20
          Size/MD5:   147096 8cb46dd80877e60c1300e0b471a42cba

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   247818 33fa14fe4ee9a538eb1c998928a302ab
          Size/MD5:   148464 75e5cde38085b939f4c3ad709f2a6b0d

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   281656 34e746a50fbd0acd34192b9e899e161f
          Size/MD5:   172672 69ec0a2145ea106602c2f3fa454bc346

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   255260 70cb1b7d5521b00ae993686d9336bb12
          Size/MD5:   149422 d9e458beb786bbe71ecbf51f3ba6e758

Updated packages for Ubuntu 9.10:

  Source archives:

          Size/MD5:   338972 b044cd4c0262d4d38fc94de90fb520d4
          Size/MD5:     1130 1feb8d8fcb433337e8ddad65e2076e4a
          Size/MD5:   611590 705106da305e8de191549f1e7393185c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   267300 627cc54b1a4b2ed57ae5c1de295e614c
          Size/MD5:   157340 c36998f34e2807dbb8af42934b8ede5e

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   244300 063e16e7e89f79a9d8b457a3881b5820
          Size/MD5:   148654 615e8ada1a87f7aee7e5ccd51c2dca4e

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   247994 fe717add1af434a346b59982f5e3c7c5
          Size/MD5:   151404 e13a0f651953441fc9cc5958ef874d0d

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   281960 9199bd4701581881b31df45c5ede258f
          Size/MD5:   174950 ad1450f700117577ddede6fc3755d5da

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   260378 cd74bc83de2b60ed9cf4fc442e0352e1
          Size/MD5:   152910 b684a3227432d45c220bb1378a4ed3d7

Ubuntu 995-1: libMikMod vulnerabilities

September 29, 2010
It was discovered that libMikMod incorrectly handled songs with different channel counts

Summary

Update Instructions

References

Severity
libmikmod vulnerabilities

Package Information

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved