
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


SUSE Linux 11-SP4: 2018:1471-1 Moderate: Libmikmod Buffer Overflow

SUSE Security Update: Security update for libmikmod
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:1471-1
Rating:             moderate
References:         #625547
Cross-References:   CVE-2009-3995 CVE-2010-2546
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for libmikmod fixes the following issues:

- CVE-2010-2546: Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995. (bsc#625547).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:

  zypper in -t patch sdksp4-libmikmod-13630=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

  zypper in -t patch dbgsp4-libmikmod-13630=1

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  libmikmod-3.1.11a-116.2.3.1
  libmikmod-devel-3.1.11a-116.2.3.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  libmikmod-debuginfo-3.1.11a-116.2.3.1
  libmikmod-debugsource-3.1.11a-116.2.3.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):

  libmikmod-debuginfo-32bit-3.1.11a-116.2.3.1

References:

  https://www.suse.com/security/cve/CVE-2009-3995.html
  https://www.suse.com/security/cve/CVE-2010-2546.html
  https://bugzilla.suse.com/625547

LinuxSecurity.com Team

May 30, 2018 SuSE

Gentoo: GLSA-201203-10 Moderate: libmikmod Denial of Service

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201203-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: libmikmod: User-assisted execution of arbitrary code
     Date: March 06, 2012
     Bugs: #335892
       ID: 201203-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple buffer overflow vulnerabilities in libmikmod may allow an attacker to execute arbitrary code or cause a Denial of Service condition.

Background
==========

libmikmod is a library to play a wide range of module formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/libmikmod    < 3.2.0_beta2-r3         >= 3.2.0_beta2-r3
                                                        *>= 3.1.12-r1

Description
===========

Multiple boundary errors have been found in load_it.c in libmikmod, which may cause a buffer overflow.

Impact
======

A remote attacker could entice a user to open specially crafted files in an application linked against libmikmod, possibly resulting in execution of arbitrary code with the permissions of the user running the application, or Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libmikmod 3.2 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=media-libs/libmikmod-3.2.0_beta2-r3"

All libmikmod 3.1 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/libmikmod-3.1.12-r1"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

References
==========

[ 1 ] CVE-2010-2546
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2546
[ 2 ] CVE-2010-2971
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2971

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/201203-10

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email address protected] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

LinuxSecurity.com Team

Mar 06, 2012 Gentoo

Ubuntu 8.04, 9.04, 9.10 USN-995-1 Critical: libMikMod DoS

===========================================================
Ubuntu Security Notice USN-995-1         September 29, 2010
libmikmod vulnerabilities
CVE-2007-6720, CVE-2009-0179, CVE-2009-3995, CVE-2009-3996,
CVE-2010-2546, CVE-2010-2971
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  libmikmod2                      3.1.11-6ubuntu3.8.04.1

Ubuntu 9.04:
  libmikmod2                      3.1.11-6ubuntu3.9.04.1

Ubuntu 9.10:
  libmikmod2                      3.1.11-6ubuntu4.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that libMikMod incorrectly handled songs with different channel counts. If a user were tricked into opening a crafted song file, an attacker could cause a denial of service. (CVE-2007-6720)

It was discovered that libMikMod incorrectly handled certain malformed XM files. If a user were tricked into opening a crafted XM file, an attacker could cause a denial of service. (CVE-2009-0179)

It was discovered that libMikMod incorrectly handled certain malformed Impulse Tracker files. If a user were tricked into opening a crafted Impulse Tracker file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3995, CVE-2010-2546, CVE-2010-2971)

It was discovered that libMikMod incorrectly handled certain malformed Ultratracker files. If a user were tricked into opening a crafted Ultratracker file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3996)

LinuxSecurity.com Team

Sep 29, 2010 Critical Ubuntu

Debian: DSA-2082-2 Urgent: Libxslt Remote Code Execution Risk

------------------------------------------------------------------------
Debian Security Advisory DSA-2081-1
[email address protected]
http://www.debian.org/security/
Moritz Muehlenhoff
August 01, 2010
http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : libmikmod
Vulnerability  : buffer overflow
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2010-2546

Tomas Hoger discovered that the upstream fix for CVE-2009-3995 was insufficient. This update provides a corrected package.

For the stable distribution (lenny), this problem has been fixed in version 3.1.11-6.0.1+lenny1.

For the unstable distribution (sid), these problems have been fixed in version 3.1.11-6.3.

We recommend that you upgrade your libmikmod packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.

---------------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: [email address protected]
Package info: `apt-cache show ' and https://www.debian.org/distrib/packages

LinuxSecurity.com Team

Aug 01, 2010 Critical Debian

Debian 5.0 Lenny DSA-2071-1 Critical: Libmikmod Buffer Overflow Exploit

------------------------------------------------------------------------
Debian Security Advisory DSA-2071-1
[email address protected]
http://www.debian.org/security/
Moritz Muehlenhoff
July 14, 2010
http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : libmikmod
Vulnerability  : buffer overflows
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2009-3995 CVE-2009-3996

Dyon Balding discovered buffer overflows in the MikMod sound library, which could lead to the execution of arbitrary code if a user is tricked into opening malformed Impulse Tracker or Ultratracker sound files.

For the stable distribution (lenny), these problems have been fixed in version 3.1.11-6+lenny1.

For the unstable distribution (sid), these problems have been fixed in version 3.1.11-6.2.

We recommend that you upgrade your libmikmod packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.

---------------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: [email address protected]
Package info: `apt-cache show ' and https://www.debian.org/distrib/packages

LinuxSecurity.com Team

Jul 14, 2010 Critical Debian

Fedora 11: 2009-9112 Moderate: Libmikmod Crash Resolved

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-9112
2009-08-28 21:17:00
--------------------------------------------------------------------------------

Name        : libmikmod
Product     : Fedora 11
Version     : 3.2.0
Release     : 5.beta2.fc11
URL         :
Summary     : A MOD music file player library
Description :
libmikmod is a library used by the mikmod MOD music file player for UNIX-like systems. Supported file formats include MOD, STM, S3M, MTM, XM, ULT and IT.

--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 28 2009 Jindrich Novy 3.2.0-5.beta2
- fix CVE-2007-6720 (#479829)
- fix CVE-2009-0179 (#479833)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #479829 - CVE-2007-6720 mikmod: crash or abort when loading/playing multiple files with different number of channels
        https://bugzilla.redhat.com/show_bug.cgi?id=479829
  [ 2 ] Bug #479833 - CVE-2009-0179 mikmod: crash when loading XM files
        https://bugzilla.redhat.com/show_bug.cgi?id=479833
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update libmikmod' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

LinuxSecurity.com Team

Aug 28, 2009 Fedora

Fedora: 2009-9095 Critical: Libmikmod Crash Issue Resolved

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-9095
2009-08-28 21:16:30
--------------------------------------------------------------------------------

Name        : libmikmod
Product     : Fedora 10
Version     : 3.2.0
Release     : 4.beta2.fc10
URL         :
Summary     : A MOD music file player library
Description :
libmikmod is a library used by the mikmod MOD music file player for UNIX-like systems. Supported file formats include MOD, STM, S3M, MTM, XM, ULT and IT.

--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 28 2009 Jindrich Novy 3.2.0-4.beta2
- fix CVE-2007-6720 (#479829)
- fix CVE-2009-0179 (#479833)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #479833 - CVE-2009-0179 mikmod: crash when loading XM files
        https://bugzilla.redhat.com/show_bug.cgi?id=479833
  [ 2 ] Bug #479829 - CVE-2007-6720 mikmod: crash or abort when loading/playing multiple files with different number of channels
        https://bugzilla.redhat.com/show_bug.cgi?id=479829
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update libmikmod' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

LinuxSecurity.com Team

Aug 28, 2009 Critical Fedora

SUSE: 2009:006 Moderate: Curl DoS And Gtk2 Fixes Announcement

______________________________________________________________________________

                        SUSE Security Summary Report

        Announcement ID:        SUSE-SR:2009:006
        Date:                   Tue, 10 Mar 2009 15:00:00 +0000
        Cross-References:       CVE-2007-6720, CVE-2008-2364, CVE-2008-5101
                                CVE-2008-5347, CVE-2008-5348, CVE-2008-5349
                                CVE-2008-5350, CVE-2008-5351, CVE-2008-5352
                                CVE-2008-5353, CVE-2008-5354, CVE-2008-5356
                                CVE-2008-5357, CVE-2008-5358, CVE-2008-5359
                                CVE-2008-5360, CVE-2008-6393, CVE-2009-0037
                                CVE-2009-0179, CVE-2009-0749, CVE-2009-0848

    Content of this advisory:
        1) Solved Security Vulnerabilities:
            - curl
            - libmikmod
            - apache2
            - optipng
            - psi
            - java-1_6_0-openjdk
            - gtk2
        2) Pending Vulnerabilities, Solutions, and Work-Arounds:
            none
        3) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Solved Security Vulnerabilities

To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities.

Fixed packages for the following incidents are already available on our FTP server and via the YaST Online Update.

- curl
  When HTTP-redirect following was enabled curl followed any URL, even one to e.g. local files (CVE-2009-0037).
  Affected Products: openSUSE 10.3-11.1, SLES9, SLES10

- libmikmod
  Specially crafted XM files or playing mod files with varying number of channels could crash applications using libmikmod (CVE-2009-0179, CVE-2007-6720).
  Affected Products: openSUSE 10.3-11.1, SLES9, SLES10

- apache2
  A DoS condition in apache2's mod_proxy has been fixed (CVE-2008-2364).
  Affected Products: SLES10

- optipng
  Specially crafted BMP files could overflow a buffer in optipng (CVE-2008-5101), specially crafted GIF files could crash optipng (CVE-2009-0749).
  Affected Products: openSUSE 10.3-11.1

- psi
  Remote attackers could crash the Psi instant messaging client via the file transfer port (CVE-2008-6393).
  Affected Products: openSUSE 10.3-11.1

- java-1_6_0-openjdk
  OpenJDK Java 1.6.0 was upgraded to build b14, fixing quite a lot of security issues.

  It fixes at least:
  4486841 UTF8 decoder should adhere to corrigendum to Unicode 3.0.1 CVE-2008-5351
  6484091 FileSystemView leaks directory info CVE-2008-5350 aka SUN SOLVE 246266
  6497740 Limit the size of RSA public keys CVE-2008-5349
  6588160 jaas krb5 client leaks OS-level UDP sockets (all platforms) CVE-2008-5348
  6592792 Add com.sun.xml.internal to the "package.access" property in $JAVA_HOME/lib/security/java.security CVE-2008-5347 aka SUN SOLVE 246366
  6721753 File.createTempFile produces guessable file names CVE-2008-5360
  6726779 ConvolveOp on USHORT raster can cause the JVM crash. CVE-2008-5359 aka SUN SOLVE 244987
  6733336 Crash on malformed font CVE-2008-5356 aka SUN SOLVE 244987
  6733959 Insufficient checks for "Main-Class" manifest entry in JAR files CVE-2008-5354 aka SUN SOLVE 244990
  6734167 Calendar.readObject allows elevation of privileges CVE-2008-5353
  6751322 Vulnerability report: Sun Java JRE TrueType Font Parsing Heap Overflow CVE-2008-5357 aka SUN SOLVE 244987
  6755943 Java JAR Pack200 Decompression should enforce stricter header checks CVE-2008-5352 aka SUN SOLVE 244992
  6766136 corrupted gif image may cause crash in java splashscreen library. CVE-2008-5358 aka SUN SOLVE 244987
  Affected Products: openSUSE 11.0,11.1

- gtk2
  A SUSE specific patch to GTK2 accidentally added a relative search path for gtk modules therefore allowed local attackers have gtk programs load modules from untrusted places (CVE-2009-0848).
  Affected Products: openSUSE 11.0,11.1

______________________________________________________________________________

2) Pending Vulnerabilities, Solutions, and Work-Arounds

none

______________________________________________________________________________

3) Authenticity Verification and Additional Information

- Announcement authenticity verification:

  SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.

  To verify the signature of the announcement, save it as text into a file and run the command gpg --verify replacing with the name of the file containing the announcement. The output for a valid signature looks like:

    gpg: Signature made using RSA key ID 3D25D3D9
    gpg: Good signature from "SuSE Security Team "

  where is replaced by the date the document was signed.

  If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command

    gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

- Package authenticity verification:

  SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with.

  The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from [email address protected] with the key ID 9C800ACA.

  This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and included at the end of this announcement.

- SUSE runs two security mailing lists to which any interested party may subscribe:

  [email address protected]
    - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to .

  [email address protected]
    - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to .

====================================================================
SUSE's security contact is or .
The public key is listed below.
====================================================================

LinuxSecurity.com Team

Mar 10, 2009 SuSE
