| Summary: | <media-libs/libmodplug-0.8.7, <gst-plugins-bad-0.10.10: Integer and buffer overflow (CVE-2009-{1438,1513}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | gstreamer, sound |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://sourceforge.net/project/shownotes.php?release_id=677065&group_id=1275 | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 253485, 266986 | | |
| Bug Blocks: | | | |

Description
Alex Legler (RETIRED)
gstreamer: Can we get a version building against the system modplug stable or backport the patch mentioned in bug 253485?

For reference: http://secunia.com/advisories/34797/

sound: To be a little more precise, please bump to 0.8.6.

gstreamer is waiting for a bumped and stabilized libmodplug, stabling of gstreamer then via bug 266986.

On Monday 27 April 2009, Jan Lieskovsky wrote:
> FYI Konstanty has added more checks (for // Sample Names
> potential overflow) and also null terminations for
> relevant strings (to ensure string safety) at:
>
> http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_med.cpp?r1=1.2&r2=1.3&view=patch
>
> So new 0.8.7 release of libmodplug is available.

bumped to 0.8.7

Arches, please test and mark stable:
=media-libs/libmodplug-0.8.7
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh x86"

Stable for HPPA: =media-libs/libmodplug-0.8.7. Please don't forget to readd hppa@g.o when gstreamer is ready. *cough*

ppc done

ppc64 done

CVE-2009-1438 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1438):
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow.

amd64 done...

ppc, ppc64: You guys failed to actually mark the ebuild stable, bringing you back

x86 stable

libmodplug stable on alpha.

ppc64 done

ppc done

arm/ia64/sh stable

Alright, libmodplug is done. Now we'll have to wait for gstreamer.

CVE-2009-1513 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1513):
Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name.

GLSA 200907-07
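The two CVE entries above describe an integer overflow on a file-supplied text length and an unbounded copy of a name, and the quoted note mentions added overflow checks and null terminations. The following is an added C example of those defensive patterns, not code from libmodplug or from this bug report. The function names, the `MAX_TEXT_LEN` cap and the (offset, length) field layout are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_TEXT_LEN (64u * 1024u) /* assumed cap, not a libmodplug constant */

/* The wrap-prone check: offset + length can overflow 32 bits and pass. */
int naive_bounds_ok(uint32_t file_len, uint32_t offset, uint32_t length)
{
    return (uint32_t)(offset + length) <= file_len;
}

/* Copy a variable-length text field (such as a song comment) described by an
   untrusted (offset, length) pair into a new NUL-terminated heap buffer.
   Returns NULL if the field is too long or does not lie inside the file. */
char *copy_text_field(const uint8_t *file, uint32_t file_len,
                      uint32_t offset, uint32_t length)
{
    if (length > MAX_TEXT_LEN || length > file_len)
        return NULL;
    if (offset > file_len - length) /* subtraction cannot wrap here */
        return NULL;
    char *out = malloc((size_t)length + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, file + offset, length);
    out[length] = '\0';
    return out;
}

/* Copy a name (such as an instrument name) into a fixed-size buffer:
   stop at the first NUL, truncate to fit, always terminate. */
size_t copy_name(char *dst, size_t dst_size, const uint8_t *src, size_t src_len)
{
    if (dst_size == 0)
        return 0;
    size_t n = src_len < dst_size - 1 ? src_len : dst_size - 1;
    const uint8_t *nul = memchr(src, 0, n);
    if (nul != NULL)
        n = (size_t)(nul - src);
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}
```

The caller owns the buffer returned by `copy_text_field` and must `free` it.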