=========================================================== Ubuntu Security Notice USN-771-1 May 07, 2009 libmodplug vulnerabilities CVE-2009-1438, CVE-2009-1513 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libmodplug0c2 1:0.7-5ubuntu0.6.06.2 Ubuntu 8.04 LTS: libmodplug0c2 1:0.7-7ubuntu0.8.04.1 Ubuntu 8.10: libmodplug0c2 1:0.7-7ubuntu0.8.10.1 Ubuntu 9.04: libmodplug0c2 1:0.8.4-3ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that libmodplug did not correctly handle certain parameters when parsing MED media files. If a user or automated system were tricked into opening a crafted MED file, an attacker could execute arbitrary code with privileges of the user invoking the program. (CVE-2009-1438) Manfred Tremmel and Stanislav Brabec discovered that libmodplug did not correctly handle long instrument names when parsing PAT sample files. If a user or automated system were tricked into opening a crafted PAT file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 9.04. (CVE-2009-1438) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7-5ubuntu0.6.06.2.diff.gz Size/MD5: 8019 e0cfb60fb0e8b9d2952b44fe49162a34 http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7-5ubuntu0.6.06.2.dsc Size/MD5: 648 63165324d2ab4e1cbd3cea974ff7e469 http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7.orig.tar.gz Size/MD5: 329398 b6e7412f90cdd4a27a2dd3de94909905 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug-dev_0.7-5ubuntu0.6.06.2_all.deb Size/MD5: 22574 b2e9b39531d1cd61248c1896f41b5924 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-5ubuntu0.6.06.2_amd64.deb Size/MD5: 117666 645e325b6a6f9de4725ad209ea8164b6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-5ubuntu0.6.06.2_i386.deb Size/MD5: 115600 a0db9ab74c5d57233be5ca293b98dcce powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-5ubuntu0.6.06.2_powerpc.deb Size/MD5: 125876 7a615bf7d62f8196543bbf20ff5202a1 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-5ubuntu0.6.06.2_sparc.deb Size/MD5: 123506 275f5a45734db4cc7c43eb63c1573bea Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7-7ubuntu0.8.04.1.diff.gz Size/MD5: 8451 e5c0199a6649713b1702fbc6e2d6fc20 http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7-7ubuntu0.8.04.1.dsc Size/MD5: 750 16855b20226f3c668aeabfb00366dfee http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7.orig.tar.gz Size/MD5: 329398 b6e7412f90cdd4a27a2dd3de94909905 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug-dev_0.7-7ubuntu0.8.04.1_all.deb Size/MD5: 23042 cdf25381e5c0ce41bfe5df66c983954b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-7ubuntu0.8.04.1_amd64.deb Size/MD5: 121612 7d456e69ee2dd12e197b8e30d892e333 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-7ubuntu0.8.04.1_i386.deb Size/MD5: 120658 645a4441fe79e02f7b9c1851c028a314 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libm/libmodplug/libmodplug0c2_0.7-7ubuntu0.8.04.1_lpia.deb Size/MD5: 122276 f7784ebbd03cf2f9c63ee7c0fdb5920e powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libm/libmodplug/libmodplug0c2_0.7-7ubuntu0.8.04.1_powerpc.deb Size/MD5: 131908 0b1e05f93b5e85f57566874861640083 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libm/libmodplug/libmodplug0c2_0.7-7ubuntu0.8.04.1_sparc.deb Size/MD5: 128062 29b786c3ce45fe602da56310992bdab0 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7-7ubuntu0.8.10.1.diff.gz Size/MD5: 8477 4e692596340a4fd891d788ee9b206f0a http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7-7ubuntu0.8.10.1.dsc Size/MD5: 1158 83e89cd14e7e3cc4a1461aadc3d108c6 http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7.orig.tar.gz Size/MD5: 329398 b6e7412f90cdd4a27a2dd3de94909905 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug-dev_0.7-7ubuntu0.8.10.1_all.deb Size/MD5: 23034 50d486755d9adc21e5c22b46e96d7c12 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-7ubuntu0.8.10.1_amd64.deb Size/MD5: 121962 bfe382df79c137130a695078283300fc i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-7ubuntu0.8.10.1_i386.deb Size/MD5: 120940 0d1eaa14546d5aeb62f1848d9bfbc8d6 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libm/libmodplug/libmodplug0c2_0.7-7ubuntu0.8.10.1_lpia.deb Size/MD5: 122746 bb5fbc25b04596b08c493ed7a258cf31 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libm/libmodplug/libmodplug0c2_0.7-7ubuntu0.8.10.1_powerpc.deb Size/MD5: 133192 9b301e52f287cf13137a9b4624d1dcec sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libm/libmodplug/libmodplug0c2_0.7-7ubuntu0.8.10.1_sparc.deb Size/MD5: 127736 db79a29968f0de688e44498446506881 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.8.4-3ubuntu1.1.diff.gz Size/MD5: 8721 65ddff85bc42da5fdd2806adfae2364e http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.8.4-3ubuntu1.1.dsc Size/MD5: 1147 a9768cf5e67c1af673110df40343bb6c http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.8.4.orig.tar.gz Size/MD5: 510758 091bd1168a524a4f36fc61f95209e7e4 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug-dev_0.8.4-3ubuntu1.1_all.deb Size/MD5: 25412 e82af5c335f5bfd8321f99e59c07db54 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.8.4-3ubuntu1.1_amd64.deb Size/MD5: 173236 36277712028649998c2ab648b277cb6f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.8.4-3ubuntu1.1_i386.deb Size/MD5: 172220 7720ceb85256b36befb406b8df775391 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libm/libmodplug/libmodplug0c2_0.8.4-3ubuntu1.1_lpia.deb Size/MD5: 174688 a46440d2c3034aba5d0a9c012cb8c1e2 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libm/libmodplug/libmodplug0c2_0.8.4-3ubuntu1.1_powerpc.deb Size/MD5: 187064 170df3cab798c4cf33ab20d263b39874 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libm/libmodplug/libmodplug0c2_0.8.4-3ubuntu1.1_sparc.deb Size/MD5: 188008 df4617de3276c111ca15b3d6b5116156
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/