Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 0 articles for you...
89
security advisoryfedoraupdateFedora 42 Aqualung FEDORA-2026-43278d411e Critical Out-of-Bounds Fix
Latest Monkey's Audio Codec release. Changes: https://monkeysaudio.com/versionhistory.html .. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-43278d411e 2026-04-18 01:08:05.671399+00:00 -------------------------------------------------------------------------------- Name : aqualung Product : Fedora 42 Version : 1.2 Release : 10.fc42 URL : https://aqualung.jeremyevans.net Summary : Music Player for GNU/Linux Description : Aqualung is an advanced music player originally targeted at the GNU/Linux operating system. It plays audio CDs, internet radio streams and pod casts as well as sound files in just about any audio format and has the feature of inserting no gaps between adjacent tracks. -------------------------------------------------------------------------------- Update Information: Latest Monkey's Audio Codec release. Changes: https://monkeysaudio.com/versionhistory.html . -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 8 2026 Dominik Mierzejewski - 1.2-10 - Rebuilt for libMAC 12.63 - Fixed build against pipewire-jack -------------------------------------------------------------------------------- References: [ 1 ] Bug #2406922 - CVE-2025-61043 mac: out-of-bounds read in CAPECharacterHelper::GetUTF16FromUTF8 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2406922 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-43278d411e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 18, 2026
•Critical
Fedora
89
security advisoryfedoraupdateUbuntu 24 Cadenza Major Video Codec Overhaul 2027-gabc123456
Latest Monkey's Audio Codec release. Changes: https://monkeysaudio.com/versionhistory.html .. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f091fe88bd 2026-04-18 00:52:25.911633+00:00 -------------------------------------------------------------------------------- Name : aqualung Product : Fedora 43 Version : 1.2 Release : 12.fc43 URL : https://aqualung.jeremyevans.net Summary : Music Player for GNU/Linux Description : Aqualung is an advanced music player originally targeted at the GNU/Linux operating system. It plays audio CDs, internet radio streams and pod casts as well as sound files in just about any audio format and has the feature of inserting no gaps between adjacent tracks. -------------------------------------------------------------------------------- Update Information: Latest Monkey's Audio Codec release. Changes: https://monkeysaudio.com/versionhistory.html . -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 8 2026 Dominik Mierzejewski - 1.2-12 - Rebuilt for libMAC 12.63 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2406923 - CVE-2025-61043 mac: out-of-bounds read in CAPECharacterHelper::GetUTF16FromUTF8 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2406923 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f091fe88bd' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 18, 2026
•Important
Fedora
89
security advisoryfedoraupdateFedora 44 Aqualung Important Music Player Update CVE-2025-61043
Latest Monkey's Audio Codec release. Changelog: https://monkeysaudio.com/versionhistory.html . Fixes CVE-2025-61043.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-62f9125c65 2026-03-19 00:15:36.606391+00:00 -------------------------------------------------------------------------------- Name : aqualung Product : Fedora 44 Version : 2.0 Release : 6.fc44 URL : https://aqualung.jeremyevans.net Summary : Music Player for GNU/Linux Description : Aqualung is an advanced music player originally targeted at the GNU/Linux operating system. It plays audio CDs, internet radio streams and pod casts as well as sound files in just about any audio format and has the feature of inserting no gaps between adjacent tracks. -------------------------------------------------------------------------------- Update Information: Latest Monkey's Audio Codec release. Changelog: https://monkeysaudio.com/versionhistory.html . Fixes CVE-2025-61043. -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 24 2026 Dominik Mierzejewski - 2.0-6 - rebuilt for mac 12.35 * Tue Feb 17 2026 Tom Callaway - 2.0-5 - rebuild for lua 5.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2363650 - mac-12.50 is available https://bugzilla.redhat.com/show_bug.cgi?id=2363650 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-62f9125c65' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Mar 19, 2026
•Important
Fedora
89
security advisoryfedoraupdateFedora 32: FEDORA-2021-24ef21134b Critical AdPlug Buffer Overflow
AdPlug 2.3.3 fixes: (huge thanks to Alexander Miller for these) - CVE-2019-14690 - buffer overflow in `.bmf` - CVE-2019-14691 - buffer overflow in `.dtm` - CVE-2019-14692 - buffer overflow in `.mkj` - CVE-2019-14732 - buffer overflow in `.a2m` - CVE-2019-14733 - buffer overflow in `.rad` -. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-24ef21134b 2021-01-14 01:42:30.106595 --------------------------------------------------------------------------------Name : ocp Product : Fedora 32 Version : 0.1.22 Release : 0.28.git849cc42.fc32 URL : https://stian.cubic.org/project-ocp.php Summary : Open Cubic Player for MOD/S3M/XM/IT/MIDI music files Description : Open Cubic Player is a music file player ported from DOS that supports Amiga MOD module formats and many variants, such as MTM, STM, 669, S3M, XM, and IT. It is also able to render MIDI files using sound patches and play SID, OGG Vorbis, FLAC, and WAV files. OCP provides a nice text-based interface with several text-based and graphical visualizations. --------------------------------------------------------------------------------Update Information: AdPlug 2.3.3 ============ - New RAD player replacing the old one - Bug fixes: (huge thanks to Alexander Miller for these) - CVE-2019-14690 - buffer overflow in `.bmf` - CVE-2019-14691 - buffer overflow in `.dtm` -CVE-2019-14692 - buffer overflow in `.mkj` - CVE-2019-14732 - buffer overflow in `.a2m` - CVE-2019-14733 - buffer overflow in `.rad` -CVE-2019-14734 - buffer overflow in `.mtk` - CVE-2019-15151 - double free and OOB reads in `.u6m` - OOB reads in `.xad` - OOB reads in `.rix` AdPlug 2.3.2 ============ - Bug fixes: - FMOPL: Fix global variable pointer double-free (CVE-2018-17825) - HERAD: Fix compilation on GCC 4.2.1 - ADL: Calling `rewind()` before `update()` causes access violation - Move OPL reset/init code to`rewind()` for some players AdPlug 2.3.1 ===========- Fixed unconditional inclusion of "sys/io.h" on Linux - Autotools improvement - Non-recursive Automake, improved parallelizability - Compatibility fixes for FreeBSD's pmake and OpenBSD's make - Out-of-source building AdPlug 2.3 ========== - Bug fixes: - CMF: Fix uninitialised variable use (thanks binarymaster) - CMF: Handle invalid offsets without crashing - ROL: Prevent access beyond end of vector - MSC: Fix use of uninitialised variable - HSC: Handle out of range patterns more gracefully - MID: Fix out of range array read - LDS: Use the tempo stored inside the Loudness-File instead of simply returning 70Hz - RIX: Fix several replay bugs (thanks to Palxex) - RIX: Big-endian fix by Wei Mingzhi - XAD: Tempo fix - Various other out of bounds array fixes, timing fixes, etc. - New formats: - BMF: Easy AdLib 1.0 - CMF: SoundFX Macs Opera - GOT: God of Thunder -HSQ/SQX/SDB/AGD/HA2: Herbulot AdLib System (HERAD) - MUS/IMS/MDI: AdLib Visual Composer ROL derivatives - SOP: sopepos' Note Player - VGM: Video Game Music - Allow compilation on platforms that don't support real OPL hardware access - Add support for compiling on Appveyor and publishing a NuGet package - Add Visual Studio 2015 projects - Add support for Travis CI builds - Add new CRC16 and CRC32 tests - Addition of WoodyOPL from DOSBox SVN (thanks to NY00123) - Addition of NukedOPL (thanks to loki666 and nukeykt) - Move from SourceForge to GitHub - DRO player refactored (thanks to Laurence Myers and William Yates) - Add (mono) OPL3 support to the surround/harmonic-effect OPL - Fix occasional random noise in right channel when using surround OPL and Satoh synth - Add display for ROL comment and instrument names - Improve support for different Westwood ADL format versions - Improve CMF transpose support (per-channel now) - Autotools build environmentupdated --------------------------------------------------------------------------------ChangeLog: * Tue Jan 5 2021 Robert Scheck - 0.1.22-0.28.git849cc42 - Rebuilt for adplug 2.3.3 * Tue Jul 28 2020 Fedora Release Engineering - 0.1.22-0.27.git849cc42 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jul 14 2020 Tom Stellard - 0.1.22-0.26.git849cc42 - Use make macros - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro --------------------------------------------------------------------------------References: [ 1 ] Bug #1743108 - CVE-2019-15151 adplug: double free in function Cu6mPlayer in u6m.h https://bugzilla.redhat.com/show_bug.cgi?id=1743108 [ 2 ] Bug #1770224 - CVE-2019-14692 adplug: heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp leads to arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=1770224 [ 3 ] Bug #1770243 - CVE-2019-14690 adplug: heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp leads to arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=1770243 [ 4 ] Bug #1770257 - CVE-2019-14691 adplug: heap-based buffer overflow in CdtmLoader::load() in dtm.cpp leads to arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=1770257 [ 5 ] Bug #1778710 - CVE-2019-14734 adplug: multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1778710 [ 6 ] Bug #1778716 - CVE-2019-14732 adplug: multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1778716 [ 7 ] Bug #1778720 - CVE-2019-14733 adplug: multiple heap-based buffer overflows in CradLoader::load() in rad.cp https://bugzilla.redhat.com/show_bug.cgi?id=1778720 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade--advisory FEDORA-2021-24ef21134b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jan 13, 2021
•Critical
Fedora
89
security advisoryupdatebuffer overflowFedora 34: 2022-74328930e5 Important: AdPlug Memory Leak Resolutions
AdPlug 2.3.3 fixes: (huge thanks to Alexander Miller for these) - CVE-2019-14690 - buffer overflow in `.bmf` - CVE-2019-14691 - buffer overflow in `.dtm` - CVE-2019-14692 - buffer overflow in `.mkj` - CVE-2019-14732 - buffer overflow in `.a2m` - CVE-2019-14733 - buffer overflow in `.rad` -. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-64168929e4 2021-01-14 01:37:01.292546 --------------------------------------------------------------------------------Name : ocp Product : Fedora 33 Version : 0.1.22 Release : 0.28.git849cc42.fc33 URL : https://stian.cubic.org/project-ocp.php Summary : Open Cubic Player for MOD/S3M/XM/IT/MIDI music files Description : Open Cubic Player is a music file player ported from DOS that supports Amiga MOD module formats and many variants, such as MTM, STM, 669, S3M, XM, and IT. It is also able to render MIDI files using sound patches and play SID, OGG Vorbis, FLAC, and WAV files. OCP provides a nice text-based interface with several text-based and graphical visualizations. --------------------------------------------------------------------------------Update Information: AdPlug 2.3.3 ============ - New RAD player replacing the old one - Bug fixes: (huge thanks to Alexander Miller for these) - CVE-2019-14690 - buffer overflow in `.bmf` - CVE-2019-14691 - buffer overflow in `.dtm` -CVE-2019-14692 - buffer overflow in `.mkj` - CVE-2019-14732 - buffer overflow in `.a2m` - CVE-2019-14733 - buffer overflow in `.rad` -CVE-2019-14734 - buffer overflow in `.mtk` - CVE-2019-15151 - double free and OOB reads in `.u6m` - OOB reads in `.xad` - OOB reads in `.rix` AdPlug 2.3.2 ============ - Bug fixes: - FMOPL: Fix global variable pointer double-free (CVE-2018-17825) - HERAD: Fix compilation on GCC 4.2.1 - ADL: Calling `rewind()` before `update()` causes access violation - Move OPL reset/init code to`rewind()` for some players AdPlug 2.3.1 ===========- Fixed unconditional inclusion of "sys/io.h" on Linux - Autotools improvement - Non-recursive Automake, improved parallelizability - Compatibility fixes for FreeBSD's pmake and OpenBSD's make - Out-of-source building AdPlug 2.3 ========== - Bug fixes: - CMF: Fix uninitialised variable use (thanks binarymaster) - CMF: Handle invalid offsets without crashing - ROL: Prevent access beyond end of vector - MSC: Fix use of uninitialised variable - HSC: Handle out of range patterns more gracefully - MID: Fix out of range array read - LDS: Use the tempo stored inside the Loudness-File instead of simply returning 70Hz - RIX: Fix several replay bugs (thanks to Palxex) - RIX: Big-endian fix by Wei Mingzhi - XAD: Tempo fix - Various other out of bounds array fixes, timing fixes, etc. - New formats: - BMF: Easy AdLib 1.0 - CMF: SoundFX Macs Opera - GOT: God of Thunder -HSQ/SQX/SDB/AGD/HA2: Herbulot AdLib System (HERAD) - MUS/IMS/MDI: AdLib Visual Composer ROL derivatives - SOP: sopepos' Note Player - VGM: Video Game Music - Allow compilation on platforms that don't support real OPL hardware access - Add support for compiling on Appveyor and publishing a NuGet package - Add Visual Studio 2015 projects - Add support for Travis CI builds - Add new CRC16 and CRC32 tests - Addition of WoodyOPL from DOSBox SVN (thanks to NY00123) - Addition of NukedOPL (thanks to loki666 and nukeykt) - Move from SourceForge to GitHub - DRO player refactored (thanks to Laurence Myers and William Yates) - Add (mono) OPL3 support to the surround/harmonic-effect OPL - Fix occasional random noise in right channel when using surround OPL and Satoh synth - Add display for ROL comment and instrument names - Improve support for different Westwood ADL format versions - Improve CMF transpose support (per-channel now) - Autotools build environmentupdated --------------------------------------------------------------------------------ChangeLog: * Tue Jan 5 2021 Robert Scheck - 0.1.22-0.28.git849cc42 - Rebuilt for adplug 2.3.3 --------------------------------------------------------------------------------References: [ 1 ] Bug #1743108 - CVE-2019-15151 adplug: double free in function Cu6mPlayer in u6m.h https://bugzilla.redhat.com/show_bug.cgi?id=1743108 [ 2 ] Bug #1770224 - CVE-2019-14692 adplug: heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp leads to arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=1770224 [ 3 ] Bug #1770243 - CVE-2019-14690 adplug: heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp leads to arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=1770243 [ 4 ] Bug #1770257 - CVE-2019-14691 adplug: heap-based buffer overflow in CdtmLoader::load() in dtm.cpp leads to arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=1770257 [ 5 ] Bug #1778710 - CVE-2019-14734 adplug: multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1778710 [ 6 ] Bug #1778716 - CVE-2019-14732 adplug: multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1778716 [ 7 ] Bug #1778720 - CVE-2019-14733 adplug: multiple heap-based buffer overflows in CradLoader::load() in rad.cp https://bugzilla.redhat.com/show_bug.cgi?id=1778720 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-64168929e4' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the FedoraProject can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jan 13, 2021
•Important
Fedora
89
security advisoryFedoramusic playerFedora 28 Cantata Security Advisory: Insecure Mount Code Removal
Latest upstream release, omits some mounting code found to be insecure and not well tested.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-d1f6c8957f 2018-07-06 16:41:36.936407 --------------------------------------------------------------------------------Name : cantata Product : Fedora 28 Version : 2.3.1 Release : 1.fc28 URL : https://github.com/cdrummond/cantata Summary : Music Player Daemon (MPD) graphical client Description : Cantata is a graphical client for the music player daemon (MPD). Features: * Multiple MPD collections. * Highly customisable layout. * Songs grouped by album in play queue. * Context view to show artist, album, and song information of current track. * Simple tag editor. * File organizer - use tags to organize files and folders. * Ability to calculate ReplyGain tags. * Dynamic playlists. * Online services; Jamendo, Magnatune, SoundCloud, and Podcasts. * Radio stream support - with the ability to search for streams via TuneIn and ShoutCast. * USB-Mass-Storage and MTP device support. * Audio CD ripping and playback. * Playback of non-MPD songs, via simple in-built HTTP server. * MPRISv2 DBUS interface. * Support for KDE global shortcuts (KDE builds), GNOME media keys, and generic media keys (via Qxt support) * Ubuntu/ambiance theme integration. --------------------------------------------------------------------------------Update Information: Latest upstream release, omits some mounting code found to be insecure and not well tested. --------------------------------------------------------------------------------ChangeLog: * Wed Jun 27 2018 Rex Dieter - 2.3.1-1 - cantata-2.3.1 - include upstream commit that removes samba share mounting code * Fri Apr 27 2018 Rex Dieter - 2.3.0-1 - cantata-2.3.0 --------------------------------------------------------------------------------References: [ 1 ] Bug #1595570 - CVE-2018-12562 cantata:Insufficient input validation in the 'mount.cifs.wrapper' script https://bugzilla.redhat.com/show_bug.cgi?id=1595570 [ 2 ] Bug #1595569 - CVE-2018-12561 cantata: Possible injection of additional mount options by manipulating the domain parameters of the samba URL https://bugzilla.redhat.com/show_bug.cgi?id=1595569 [ 3 ] Bug #1595567 - CVE-2018-12560 cantata: Directory traversal in the D-Bus service of cantata-mounter https://bugzilla.redhat.com/show_bug.cgi?id=1595567 [ 4 ] Bug #1595566 - CVE-2018-12559 cantata: Directory traversal due to insufficient mount target check in mounter.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1595566 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-d1f6c8957f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Jul 06, 2018
•Important
Fedora
91
security advisorygentootemporary fileGentoo: 200909-08 Normal: C* Music Player Symlink Attack
An insecure temporary file usage has been reported in the C* music player, allowing for symlink attacks.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200909-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: C* music player: Insecure temporary file usage Date: September 09, 2009 Bugs: #250474 ID: 200909-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= An insecure temporary file usage has been reported in the C* music player, allowing for symlink attacks. Background ========= The C* Music Player (cmus) is a modular and very configurable ncurses-based audio player. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-sound/cmus < 2.2.0-r1 > = 2.2.0-r1 Description ========== Dmitry E. Oboukhov reported that cmus-status-display does not handle the "/tmp/cmus-status" temporary file securely. Impact ===== A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application. Workaround ========= There is no known workaround at this time. Resolution ========= All C* music player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =media-sound/cmus-2.2.0-r1 References ========= [ 1 ] CVE-2008-5375 https://www.cve.org/CVERecord?id=CVE-2008-5375 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200909-08 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Sep 09, 2009
Gentoo
89
security advisorycriticalFedoraFedora: 2009-9095 Critical: Libmikmod Crash Issue Resolved
. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-9095 2009-08-28 21:16:30 -------------------------------------------------------------------------------- Name : libmikmod Product : Fedora 10 Version : 3.2.0 Release : 4.beta2.fc10 URL : Summary : A MOD music file player library Description : libmikmod is a library used by the mikmod MOD music file player for UNIX-like systems. Supported file formats include MOD, STM, S3M, MTM, XM, ULT and IT. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 28 2009 Jindrich Novy 3.2.0-4.beta2 - fix CVE-2007-6720 (#479829) - fix CVE-2009-0179 (#479833) -------------------------------------------------------------------------------- References: [ 1 ] Bug #479833 - CVE-2009-0179 mikmod: crash when loading XM files https://bugzilla.redhat.com/show_bug.cgi?id=479833 [ 2 ] Bug #479829 - CVE-2007-6720 mikmod: crash or abort when loading/playing multiple files with different number of channels https://bugzilla.redhat.com/show_bug.cgi?id=479829 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update libmikmod' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Aug 28, 2009
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!