Message-Id: <E1OkxNF-0006I9-TA@titan.mandriva.com>
Date: Mon, 16 Aug 2010 12:57:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:151 ] libmikmod

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:151
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libmikmod
 Date    : August 16, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in libmikmod:
 
 Multiple heap-based buffer overflows might allow remote attackers
 to execute arbitrary code via (1) crafted samples or (2) crafted
 instrument definitions in an Impulse Tracker file (CVE-2009-3995).
 
 Packages for 2008.0 and 2009.0 are provided as part of the Extended
 Maintenance Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3995
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3996
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2546
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2971
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 3239adc6a61914a960c8bb07ebab58d2  2008.0/i586/libmikmod2-3.1.11a-8.2mdv2008.0.i586.rpm
 4a88081c44652b1abbb2168bad46fc17  2008.0/i586/libmikmod-devel-3.1.11a-8.2mdv2008.0.i586.rpm 
 ecdb3414bb5ff4fde670f2983432fe92  2008.0/SRPMS/libmikmod-3.1.11a-8.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 41d721fc0ade6181626d66527e08260f  2008.0/x86_64/lib64mikmod2-3.1.11a-8.2mdv2008.0.x86_64.rpm
 b9af3c6d02828c7c36f2d47275142a01  2008.0/x86_64/lib64mikmod-devel-3.1.11a-8.2mdv2008.0.x86_64.rpm 
 ecdb3414bb5ff4fde670f2983432fe92  2008.0/SRPMS/libmikmod-3.1.11a-8.2mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 0c32865a362e5949549bd0597f1c3288  2009.0/i586/libmikmod3-3.2.0-0.beta2.2.2mdv2009.0.i586.rpm
 1f0c55a841c82430a4a455b9c0fd185f  2009.0/i586/libmikmod-devel-3.2.0-0.beta2.2.2mdv2009.0.i586.rpm 
 3b736a5f6560c844e05d797772240ff8  2009.0/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 da510127c478758616146f2069b013ca  2009.0/x86_64/lib64mikmod3-3.2.0-0.beta2.2.2mdv2009.0.x86_64.rpm
 ce57822efa45f0e36aa1d79f7cc75763  2009.0/x86_64/lib64mikmod-devel-3.2.0-0.beta2.2.2mdv2009.0.x86_64.rpm 
 3b736a5f6560c844e05d797772240ff8  2009.0/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 1987e95ad4486d0d70a5cb3f15462815  2009.1/i586/libmikmod3-3.2.0-0.beta2.3.1mdv2009.1.i586.rpm
 7c1d6e99214eca60d5e1b27d742557ac  2009.1/i586/libmikmod-devel-3.2.0-0.beta2.3.1mdv2009.1.i586.rpm 
 2cf8f0a1794e134bad1f0510a4d4b255  2009.1/SRPMS/libmikmod-3.2.0-0.beta2.3.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 06d66faa37c282dbee789de65dc5b246  2009.1/x86_64/lib64mikmod3-3.2.0-0.beta2.3.1mdv2009.1.x86_64.rpm
 5940b272dda3c628bbf27799e43db079  2009.1/x86_64/lib64mikmod-devel-3.2.0-0.beta2.3.1mdv2009.1.x86_64.rpm 
 2cf8f0a1794e134bad1f0510a4d4b255  2009.1/SRPMS/libmikmod-3.2.0-0.beta2.3.1mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 754014cea8f3645395151dc2b7a4cc58  2010.0/i586/libmikmod3-3.2.0-0.beta2.6.1mdv2010.0.i586.rpm
 cd1e7fca287c53499d973478c7813a6f  2010.0/i586/libmikmod-devel-3.2.0-0.beta2.6.1mdv2010.0.i586.rpm 
 9db426850551cd0d47d49dce62bddf29  2010.0/SRPMS/libmikmod-3.2.0-0.beta2.6.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 477871f309a92d2912811fb31fea0943  2010.0/x86_64/lib64mikmod3-3.2.0-0.beta2.6.1mdv2010.0.x86_64.rpm
 4c02e2863a04a2201233ce6f0822fbb5  2010.0/x86_64/lib64mikmod-devel-3.2.0-0.beta2.6.1mdv2010.0.x86_64.rpm 
 9db426850551cd0d47d49dce62bddf29  2010.0/SRPMS/libmikmod-3.2.0-0.beta2.6.1mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 5dc9e3bcb87870d04daaeea37c1c7c90  2010.1/i586/libmikmod3-3.2.0-0.beta2.7.1mdv2010.1.i586.rpm
 30fd5e1c50381c01c621c67f83e46c53  2010.1/i586/libmikmod-devel-3.2.0-0.beta2.7.1mdv2010.1.i586.rpm 
 a8e35035a0439a36aed7acb4c6cd8c66  2010.1/SRPMS/libmikmod-3.2.0-0.beta2.7.1mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 c642403d884dcd4aef507757d7688b4a  2010.1/x86_64/lib64mikmod3-3.2.0-0.beta2.7.1mdv2010.1.x86_64.rpm
 b64cda55aeb0450fea2ad3af07fece31  2010.1/x86_64/lib64mikmod-devel-3.2.0-0.beta2.7.1mdv2010.1.x86_64.rpm 
 a8e35035a0439a36aed7acb4c6cd8c66  2010.1/SRPMS/libmikmod-3.2.0-0.beta2.7.1mdv2010.1.src.rpm

 Mandriva Enterprise Server 5:
 6798c40fffe0cec1532ed4ea2470b041  mes5/i586/libmikmod3-3.2.0-0.beta2.2.2mdvmes5.1.i586.rpm
 2b4f452bcfcd7ccbc1f9eea217b3e8ed  mes5/i586/libmikmod-devel-3.2.0-0.beta2.2.2mdvmes5.1.i586.rpm 
 18ee204b5ffc212d4fb027b912a75c0b  mes5/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 5e4fb9c93420186fc60c96e38b9ea412  mes5/x86_64/lib64mikmod3-3.2.0-0.beta2.2.2mdvmes5.1.x86_64.rpm
 e285e5b3413fe8f0de6b71caa903c8f9  mes5/x86_64/lib64mikmod-devel-3.2.0-0.beta2.2.2mdvmes5.1.x86_64.rpm 
 18ee204b5ffc212d4fb027b912a75c0b  mes5/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMaOgMmqjQ0CJFipgRAt6nAKCzxX60CsvAUagtg/MS8MzgHh/84wCfbLXV
avaniwZZDpjBYi8uoj21mkM=
=KovP
-----END PGP SIGNATURE-----
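
The advisory says MandrivaUpdate and urpmi check the md5 checksums automatically. For packages fetched by hand, the same check can be scripted against the "Updated Packages" listing. This is an added example, not part of the advisory or Mandriva's tooling; the function name verify_advisory_md5 and its two arguments (a saved copy of the advisory and a directory of downloaded RPMs) are assumptions.

```shell
#!/bin/sh
# Added example: compare locally downloaded RPMs with the md5 checksums
# listed in a saved copy of the advisory text.
#
# Usage (hypothetical names): verify_advisory_md5 ADVISORY_FILE PKG_DIR
# Prints "OK <file>" or "MISMATCH <file>" for each listed package present
# in PKG_DIR. Listed packages that are not present are skipped.
# Returns 1 if any present package does not match, 0 otherwise.
verify_advisory_md5() {
    advisory=$1
    pkgdir=$2
    status=0

    # Checksum lines look like " <32 hex digits>  <release>/<arch>/<name>.rpm",
    # sometimes with trailing spaces. The same src.rpm is listed once per
    # architecture, so duplicates are collapsed with sort -u.
    lines=$(sed -n 's/^ *\([0-9a-f]\{32\}\)  *\([^ ]*\.rpm\) *$/\1 \2/p' \
        "$advisory" | sort -u)

    while read -r want path; do
        [ -n "$want" ] || continue
        name=${path##*/}                 # strip the release/arch prefix
        [ -f "$pkgdir/$name" ] || continue
        got=$(md5sum "$pkgdir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name"
            status=1
        fi
    done <<EOF
$lines
EOF
    return "$status"
}

# Run directly when called with two arguments.
if [ "$#" -eq 2 ]; then
    verify_advisory_md5 "$1" "$2"
fi
```

A matching md5 only shows the file is the one the advisory lists; authenticity rests on the GPG signatures, so check the advisory's own signature with gpg --verify and each package with rpm --checksig after importing the key named above.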
