Summary: | <media-libs/libmikmod-{3.1.12-r1,3.2.0_beta2-r3}: Multiple heap-based buffer overflows (CVE-2010-{2546,2971}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | slyfox, sound |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=614643 | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Stefan Behte (RETIRED)
2010-09-03 21:32:55 UTC
CVE-2010-2971 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2971): loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.

Pushed fix for these CVEs (and closely related CVEs) for both stable slots:
> *libmikmod-3.1.12-r1 (06 Feb 2012)
> *libmikmod-3.2.0_beta2-r3 (06 Feb 2012)
>
> 06 Feb 2012; Sergei Trofimovich <slyfox@gentoo.org>
> +files/libmikmod-3.2.0_beta2-CVE-2009-3995-3996.patch,
> +files/libmikmod-3.2.0_beta2-CVE-2010-2546-2971.patch,
> +files/libmikmod-3.2.0_beta2-fix-unload-crash.patch,
> +files/libmikmod-3.2.0_beta2-fix-vol-crash.patch,
> +files/libmikmod-3.2.0_beta2-pa-workaround.patch, +libmikmod-3.1.12-r1.ebuild,
> +libmikmod-3.2.0_beta2-r3.ebuild:
> Fixed sdl-mixer crash (bug #300525 reported by A.C.Heron and fixed by pva).
> Fixed CVE-2009-3995, CVE-2009-3996 CVE-2010-2546 CVE-2010-2971 (security
> bug #335892 by Stefan Behte fixes are pulled from upstream, redhat and suse).
> Added workaround to avoid crash when libmikmod ran under padsp pulseaudio
> wrapper.
Thanks!

(In reply to comment #2)
> Pushed fix for these CVEs (and closely related CVEs) for both stable slots:
> Thanks!

Arches, please test and mark stable:
=media-libs/libmikmod-3.1.12-r1
Target keywords : "amd64 x86"
=media-libs/libmikmod-3.2.0_beta2-r3
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"

note
archtester libmikmod # grep "libmikmod\.a" /mnt/gen2/TmpDir/portage/media-libs/libmikmod-3.1.12-r1/temp/build.log
archtester libmikmod #
i.e. a blank
archtester libmikmod # grep "libmikmod\.a" /mnt/gen2/TmpDir/portage/media-libs/libmikmod-3.2.0_beta2-r3/temp/build.log
----------------------------------------------
libtool: link: x86_64-pc-linux-gnu-ranlib .libs/libmikmod.a
libtool: install: /usr/bin/install -c -m 644 .libs/libmikmod.a /mnt/gen2/TmpDir/portage/media-libs/libmikmod-3.2.0_beta2-r3/image//usr/lib64/libmikmod.a
libtool: install: chmod 644 /mnt/gen2/TmpDir/portage/media-libs/libmikmod-3.2.0_beta2-r3/image//usr/lib64/libmikmod.a
libtool: install: x86_64-pc-linux-gnu-ranlib /mnt/gen2/TmpDir/portage/media-libs/libmikmod-3.2.0_beta2-r3/image//usr/lib64/libmikmod.a
usr/lib64/libmikmod.a
Does this reflect the desired or expected outcome???
Both build ok with USE raw. Otherwise amd64 looks ok

just the problem with the static-libs (bug 402499) for everything else both versions amd64 is ok

amd64 stable, thanks Ian, Maurizio

x86 stable. Thanks

Stable for HPPA.

ppc stable

arm stable

Stable on alpha.

ia64/sh/sparc stable

ppc64 stable, last arch done

Thanks, everyone. GLSA request filed.

This issue was resolved and addressed in GLSA 201203-10 at http://security.gentoo.org/glsa/glsa-201203-10.xml by GLSA coordinator Sean Amoss (ackle).
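
An added example (not libmikmod's code and not part of the original report) modelling the bounds mismatch that the CVE-2010-2971 description refers to: a point count clamped only to the larger destination array still reads past the smaller source arrays. The array sizes, the struct and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sizes for illustration; not taken from the libmikmod sources. */
#define SRC_POINTS 25  /* capacity of the header's tick[] and node[] */
#define ENV_POINTS 32  /* capacity of the destination env[] */

typedef struct { int16_t pos, val; } env_point;
typedef struct {               /* hypothetical stand-in for the parsed header */
    uint8_t  pts;              /* point count, taken from the untrusted file */
    uint16_t tick[SRC_POINTS];
    int8_t   node[SRC_POINTS];
} it_header;

/* Incomplete check: bounds the count by the destination array only. */
static size_t clamp_to_env(size_t pts) {
    return pts > ENV_POINTS ? ENV_POINTS : pts;
}

/* Complete check: bounds the count by every array the copy loop indexes. */
static size_t clamp_to_all(size_t pts) {
    size_t lim = ENV_POINTS < SRC_POINTS ? ENV_POINTS : SRC_POINTS;
    return pts > lim ? lim : pts;
}

/* Loop iterations that would index past the end of tick[]/node[]. */
static size_t src_overreads(size_t n) {
    return n > SRC_POINTS ? n - SRC_POINTS : 0;
}

/* Hardened copy: returns the number of points copied, all in bounds. */
static size_t load_envelope(const it_header *h, env_point *env) {
    size_t n = clamp_to_all(h->pts);
    for (size_t i = 0; i < n; i++) {
        env[i].pos = (int16_t)h->tick[i];
        env[i].val = h->node[i];
    }
    return n;
}

int main(void) {
    it_header h = { .pts = 200 };  /* constructed oversized count */
    env_point env[ENV_POINTS];
    printf("env-only clamp: %zu over-reads, full clamp: %zu copied\n",
           src_overreads(clamp_to_env(h.pts)), load_envelope(&h, env));
    return 0;
}
```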