[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1OkxNF-0006I9-TA@titan.mandriva.com>
Date: Mon, 16 Aug 2010 12:57:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:151 ] libmikmod
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:151
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libmikmod
Date : August 16, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in libmikmod:
Multiple heap-based buffer overflows might allow remote attackers
to execute arbitrary code via (1) crafted samples or (2) crafted
instrument definitions in an Impulse Tracker file (CVE-2009-3995).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2971
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
3239adc6a61914a960c8bb07ebab58d2 2008.0/i586/libmikmod2-3.1.11a-8.2mdv2008.0.i586.rpm
4a88081c44652b1abbb2168bad46fc17 2008.0/i586/libmikmod-devel-3.1.11a-8.2mdv2008.0.i586.rpm
ecdb3414bb5ff4fde670f2983432fe92 2008.0/SRPMS/libmikmod-3.1.11a-8.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
41d721fc0ade6181626d66527e08260f 2008.0/x86_64/lib64mikmod2-3.1.11a-8.2mdv2008.0.x86_64.rpm
b9af3c6d02828c7c36f2d47275142a01 2008.0/x86_64/lib64mikmod-devel-3.1.11a-8.2mdv2008.0.x86_64.rpm
ecdb3414bb5ff4fde670f2983432fe92 2008.0/SRPMS/libmikmod-3.1.11a-8.2mdv2008.0.src.rpm
Mandriva Linux 2009.0:
0c32865a362e5949549bd0597f1c3288 2009.0/i586/libmikmod3-3.2.0-0.beta2.2.2mdv2009.0.i586.rpm
1f0c55a841c82430a4a455b9c0fd185f 2009.0/i586/libmikmod-devel-3.2.0-0.beta2.2.2mdv2009.0.i586.rpm
3b736a5f6560c844e05d797772240ff8 2009.0/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
da510127c478758616146f2069b013ca 2009.0/x86_64/lib64mikmod3-3.2.0-0.beta2.2.2mdv2009.0.x86_64.rpm
ce57822efa45f0e36aa1d79f7cc75763 2009.0/x86_64/lib64mikmod-devel-3.2.0-0.beta2.2.2mdv2009.0.x86_64.rpm
3b736a5f6560c844e05d797772240ff8 2009.0/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdv2009.0.src.rpm
Mandriva Linux 2009.1:
1987e95ad4486d0d70a5cb3f15462815 2009.1/i586/libmikmod3-3.2.0-0.beta2.3.1mdv2009.1.i586.rpm
7c1d6e99214eca60d5e1b27d742557ac 2009.1/i586/libmikmod-devel-3.2.0-0.beta2.3.1mdv2009.1.i586.rpm
2cf8f0a1794e134bad1f0510a4d4b255 2009.1/SRPMS/libmikmod-3.2.0-0.beta2.3.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
06d66faa37c282dbee789de65dc5b246 2009.1/x86_64/lib64mikmod3-3.2.0-0.beta2.3.1mdv2009.1.x86_64.rpm
5940b272dda3c628bbf27799e43db079 2009.1/x86_64/lib64mikmod-devel-3.2.0-0.beta2.3.1mdv2009.1.x86_64.rpm
2cf8f0a1794e134bad1f0510a4d4b255 2009.1/SRPMS/libmikmod-3.2.0-0.beta2.3.1mdv2009.1.src.rpm
Mandriva Linux 2010.0:
754014cea8f3645395151dc2b7a4cc58 2010.0/i586/libmikmod3-3.2.0-0.beta2.6.1mdv2010.0.i586.rpm
cd1e7fca287c53499d973478c7813a6f 2010.0/i586/libmikmod-devel-3.2.0-0.beta2.6.1mdv2010.0.i586.rpm
9db426850551cd0d47d49dce62bddf29 2010.0/SRPMS/libmikmod-3.2.0-0.beta2.6.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
477871f309a92d2912811fb31fea0943 2010.0/x86_64/lib64mikmod3-3.2.0-0.beta2.6.1mdv2010.0.x86_64.rpm
4c02e2863a04a2201233ce6f0822fbb5 2010.0/x86_64/lib64mikmod-devel-3.2.0-0.beta2.6.1mdv2010.0.x86_64.rpm
9db426850551cd0d47d49dce62bddf29 2010.0/SRPMS/libmikmod-3.2.0-0.beta2.6.1mdv2010.0.src.rpm
Mandriva Linux 2010.1:
5dc9e3bcb87870d04daaeea37c1c7c90 2010.1/i586/libmikmod3-3.2.0-0.beta2.7.1mdv2010.1.i586.rpm
30fd5e1c50381c01c621c67f83e46c53 2010.1/i586/libmikmod-devel-3.2.0-0.beta2.7.1mdv2010.1.i586.rpm
a8e35035a0439a36aed7acb4c6cd8c66 2010.1/SRPMS/libmikmod-3.2.0-0.beta2.7.1mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64:
c642403d884dcd4aef507757d7688b4a 2010.1/x86_64/lib64mikmod3-3.2.0-0.beta2.7.1mdv2010.1.x86_64.rpm
b64cda55aeb0450fea2ad3af07fece31 2010.1/x86_64/lib64mikmod-devel-3.2.0-0.beta2.7.1mdv2010.1.x86_64.rpm
a8e35035a0439a36aed7acb4c6cd8c66 2010.1/SRPMS/libmikmod-3.2.0-0.beta2.7.1mdv2010.1.src.rpm
Mandriva Enterprise Server 5:
6798c40fffe0cec1532ed4ea2470b041 mes5/i586/libmikmod3-3.2.0-0.beta2.2.2mdvmes5.1.i586.rpm
2b4f452bcfcd7ccbc1f9eea217b3e8ed mes5/i586/libmikmod-devel-3.2.0-0.beta2.2.2mdvmes5.1.i586.rpm
18ee204b5ffc212d4fb027b912a75c0b mes5/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
5e4fb9c93420186fc60c96e38b9ea412 mes5/x86_64/lib64mikmod3-3.2.0-0.beta2.2.2mdvmes5.1.x86_64.rpm
e285e5b3413fe8f0de6b71caa903c8f9 mes5/x86_64/lib64mikmod-devel-3.2.0-0.beta2.2.2mdvmes5.1.x86_64.rpm
18ee204b5ffc212d4fb027b912a75c0b mes5/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMaOgMmqjQ0CJFipgRAt6nAKCzxX60CsvAUagtg/MS8MzgHh/84wCfbLXV
avaniwZZDpjBYi8uoj21mkM=
=KovP
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists