GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Tue Mar 06, 2012 10:26 am Post subject: [ GLSA 201203-10 ] libmikmod: User-assisted execution of arb
Gentoo Linux Security Advisory
Title: libmikmod: User-assisted execution of arbitrary code (GLSA 201203-10)
Severity: normal
Exploitable: remote
Date: March 06, 2012
Bug(s): #335892
ID: 201203-10
Synopsis
Multiple buffer overflow vulnerabilities in libmikmod may allow an
attacker to execute arbitrary code or cause a Denial of Service condition.
Background
libmikmod is a library to play a wide range of module formats.
Affected Packages
Package: media-libs/libmikmod
Vulnerable: < 3.2.0_beta2-r3
Unaffected: >= 3.2.0_beta2-r3
Unaffected: >= 3.1.12-r1 < 3.1.13
Architectures: All supported architectures
Description
Multiple boundary errors have been found in load_it.c in libmikmod,
which may cause a buffer overflow.
Impact
A remote attacker could entice a user to open specially crafted files in
an application linked against libmikmod, possibly resulting in execution
of arbitrary code with the permissions of the user running the
application, or Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All libmikmod 3.2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libmikmod-3.2.0_beta2-r3"

All libmikmod 3.1 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libmikmod-3.1.12-r1"

Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying some of these packages.
References
CVE-2010-2546
CVE-2010-2971