CVE-2010-2546 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2546): Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.
CVE-2010-2971 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2971): loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.
Pushed fix for these CVEs (and closely related CVEs) for both stable slots:

> *libmikmod-3.1.12-r1 (06 Feb 2012)
> *libmikmod-3.2.0_beta2-r3 (06 Feb 2012)
>
> 06 Feb 2012; Sergei Trofimovich <slyfox@gentoo.org>
> +files/libmikmod-3.2.0_beta2-CVE-2009-3995-3996.patch,
> +files/libmikmod-3.2.0_beta2-CVE-2010-2546-2971.patch,
> +files/libmikmod-3.2.0_beta2-fix-unload-crash.patch,
> +files/libmikmod-3.2.0_beta2-fix-vol-crash.patch,
> +files/libmikmod-3.2.0_beta2-pa-workaround.patch, +libmikmod-3.1.12-r1.ebuild,
> +libmikmod-3.2.0_beta2-r3.ebuild:
> Fixed sdl-mixer crash (bug #300525 reported by A.C.Heron and fixed by pva).
> Fixed CVE-2009-3995, CVE-2009-3996 CVE-2010-2546 CVE-2010-2971 (security
> bug #335892 by Stefan Behte fixes are pulled from upstream, redhat and suse).
> Added workaround to avoid crash when libmikmod ran under padsp pulseaudio
> wrapper.

Thanks!
(In reply to comment #2)
> Pushed fix for these CVEs (and closely related CVEs) for both stable slots:
> Thanks!

Arches, please test and mark stable:
=media-libs/libmikmod-3.1.12-r1
Target keywords : "amd64 x86"
=media-libs/libmikmod-3.2.0_beta2-r3
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
note

archtester libmikmod # grep "libmikmod\.a" /mnt/gen2/TmpDir/portage/media-libs/libmikmod-3.1.12-r1/temp/build.log
archtester libmikmod #

i.e. a blank

archtester libmikmod # grep "libmikmod\.a" /mnt/gen2/TmpDir/portage/media-libs/libmikmod-3.2.0_beta2-r3/temp/build.log
----------------------------------------------
libtool: link: x86_64-pc-linux-gnu-ranlib .libs/libmikmod.a
libtool: install: /usr/bin/install -c -m 644 .libs/libmikmod.a /mnt/gen2/TmpDir/portage/media-libs/libmikmod-3.2.0_beta2-r3/image//usr/lib64/libmikmod.a
libtool: install: chmod 644 /mnt/gen2/TmpDir/portage/media-libs/libmikmod-3.2.0_beta2-r3/image//usr/lib64/libmikmod.a
libtool: install: x86_64-pc-linux-gnu-ranlib /mnt/gen2/TmpDir/portage/media-libs/libmikmod-3.2.0_beta2-r3/image//usr/lib64/libmikmod.a
usr/lib64/libmikmod.a

Does this reflect the desired or expected outcome???

Both build ok with USE raw.
Otherwise amd64 looks ok
just the problem with the static-libs (bug 402499) for everything else both versions amd64 is ok
amd64 stable, thanks Ian, Maurizio
x86 stable. Thanks
Stable for HPPA.
ppc stable
arm stable
Stable on alpha.
ia64/sh/sparc stable
ppc64 stable, last arch done
Thanks, everyone. GLSA request filed.
This issue was resolved and addressed in GLSA 201203-10 at http://security.gentoo.org/glsa/glsa-201203-10.xml by GLSA coordinator Sean Amoss (ackle).