Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 22948

Summary: media-sound/mikmod
Product: Gentoo Linux Reporter: Daniel Ahlberg (RETIRED) <aliz>
Component: New packagesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: critical    
Priority: Highest    
Version: 1.0   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Daniel Ahlberg (RETIRED) gentoo-dev 2003-06-16 13:27:26 UTC 
[SECURITY] [DSA-320-1] New mikmod packages fix buffer overflow 
 
From:  
Matt Zimmerman <mdz@debian.org> 
 
 
To:  
bugtraq@securityfocus.com 
 
 
Date:  
Saturday 01.44.39 
 
 
 
Message was signed with unknown key 0x43E25D1E. 
The validity of the signature cannot be verified. 
 
 
-------------------------------------------------------------------------- 
Debian Security Advisory DSA 320-1                     security@debian.org 
http://www.debian.org/security/                             Matt Zimmerman 
June 13th, 2003                         http://www.debian.org/security/faq 
-------------------------------------------------------------------------- 
 
Package        : mikmod 
Vulnerability  : buffer overflow 
Problem-Type   : local 
Debian-specific: no 
CVE Id         : CAN-2003-0427 
 
Ingo Saitz discovered a bug in mikmod whereby a long filename inside 
an archive file can overflow a buffer when the archive is being read 
by mikmod. 
 
For the stable distribution (woody) this problem has been fixed in 
version 3.1.6-4woody3. 
 
For old stable distribution (potato) this problem has been fixed in 
version 3.1.6-2potato3. 
 
For the unstable distribution (sid) this problem is fixed in version 
3.1.6-6. 
 
We recommend that you update your mikmod package.
Comment 1 Daniel Ahlberg (RETIRED) gentoo-dev 2003-07-02 14:41:31 UTC 
glsa sent