
Bug 335892 (CVE-2010-2546)

Summary: <media-libs/libmikmod-{3.1.12-r1,3.2.0_beta2-r3}: Multiple heap-based buffer overflows (CVE-2010-{2546,2971})
Product: Gentoo Security
Reporter: Stefan Behte (RETIRED) <craig>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: slyfox, sound
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=614643
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2010-09-03 21:32:55 UTC
CVE-2010-2546 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2546):
  Multiple heap-based buffer overflows in loaders/load_it.c in
  libmikmod, possibly 3.1.12, might allow remote attackers to execute
  arbitrary code via (1) crafted samples or (2) crafted instrument
  definitions in an Impulse Tracker file, related to panpts, pitpts,
  and IT_ProcessEnvelope.  NOTE: some of these details are obtained
  from third party information.  NOTE: this vulnerability exists
  because of an incomplete fix for CVE-2009-3995.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-09-03 22:30:33 UTC
CVE-2010-2971 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2971):
  loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly
  account for the larger size of name##env relative to name##tick and
  name##node, which allows remote attackers to trigger a buffer
  over-read and possibly have unspecified other impact via a crafted
  Impulse Tracker file, a related issue to CVE-2010-2546.  NOTE: this
  issue exists because of an incomplete fix for CVE-2009-3995.
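
The two CVE descriptions above (Description and Comment 1) come down to a point count read from the file being used as an index bound, and to arrays of different sizes being walked with the larger bound. The following is an added illustration of the hardened check, not libmikmod code and not the patch applied in this bug; the struct, array sizes, function names and the 4-byte record layout are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed sizes and record layout for illustration only; these are
 * not libmikmod's constants or the real Impulse Tracker format. */
#define NPOINTS 25                      /* capacity of tick[] and node[] */
#define NENV    32                      /* env[] is larger than the others */
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))
struct envelope {
    uint8_t  pts;                       /* valid points after a good load */
    uint16_t tick[NPOINTS];
    int8_t   node[NPOINTS];
    uint8_t  env[NENV];
};

/* Highest point count that is in bounds for every array walked together. */
size_t envelope_capacity(const struct envelope *e)
{
    size_t n = COUNT(e->env);
    if (COUNT(e->tick) < n) n = COUNT(e->tick);
    if (COUNT(e->node) < n) n = COUNT(e->node);
    return n;
}

/* Input: 1 count byte, then 4 bytes per point (env, node, tick lo, tick hi).
 * Returns 0 on success, -1 if the count or the length cannot be trusted. */
int load_envelope(struct envelope *e, const uint8_t *buf, size_t len)
{
    memset(e, 0, sizeof *e);
    if (len < 1) return -1;
    size_t claimed = buf[0];            /* file-controlled value */
    if (claimed > envelope_capacity(e)) return -1;   /* would overflow arrays */
    if ((len - 1) / 4 < claimed) return -1;          /* would over-read input */
    for (size_t i = 0; i < claimed; i++) {
        const uint8_t *p = buf + 1 + i * 4;
        e->env[i]  = p[0];
        e->node[i] = (int8_t)p[1];
        e->tick[i] = (uint16_t)(p[2] | (p[3] << 8));
    }
    e->pts = (uint8_t)claimed;
    return 0;
}

int main(void)
{
    const uint8_t ok[] = { 2, 7, 64, 0x10, 0x00, 9, 32, 0x00, 0x01 }; /* constructed */
    struct envelope e;
    return load_envelope(&e, ok, sizeof ok);   /* 0 = accepted */
}
```

Rejecting the record is one policy; clamping the count to the capacity is the other common choice, as long as the same bound is used by every later loop over these arrays.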

Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev 2012-02-06 21:52:39 UTC
Pushed fix for these CVEs (and closely related CVEs) for both stable slots:

> *libmikmod-3.1.12-r1 (06 Feb 2012)
> *libmikmod-3.2.0_beta2-r3 (06 Feb 2012)
> 
>   06 Feb 2012; Sergei Trofimovich <slyfox@gentoo.org>
>   +files/libmikmod-3.2.0_beta2-CVE-2009-3995-3996.patch,
>   +files/libmikmod-3.2.0_beta2-CVE-2010-2546-2971.patch,
>   +files/libmikmod-3.2.0_beta2-fix-unload-crash.patch,
>   +files/libmikmod-3.2.0_beta2-fix-vol-crash.patch,
>   +files/libmikmod-3.2.0_beta2-pa-workaround.patch, +libmikmod-3.1.12-r1.ebuild,
>   +libmikmod-3.2.0_beta2-r3.ebuild:
>   Fixed sdl-mixer crash (bug #300525 reported by A.C.Heron and fixed by pva).
>   Fixed CVE-2009-3995, CVE-2009-3996 CVE-2010-2546 CVE-2010-2971 (security
>   bug #335892 by Stefan Behte fixes are pulled from upstream, redhat and suse).
>   Added workaround to avoid crash when libmikmod ran under padsp pulseaudio
>   wrapper.

Thanks!
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2012-02-07 05:15:55 UTC
(In reply to comment #2)
> Pushed fix for these CVEs (and closely related CVEs) for both stable slots:
> 

Thanks!

Arches, please test and mark stable:
=media-libs/libmikmod-3.1.12-r1
Target keywords : "amd64 x86"

=media-libs/libmikmod-3.2.0_beta2-r3
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
Comment 4 Ian Delaney (RETIRED) gentoo-dev 2012-02-07 08:26:53 UTC
note

archtester libmikmod # grep "libmikmod\.a"  /mnt/gen2/TmpDir/portage/media-libs/libmikmod-3.1.12-r1/temp/build.log 
archtester libmikmod # 
i.e.  a blank

archtester libmikmod # grep "libmikmod\.a" /mnt/gen2/TmpDir/portage/media-libs/libmikmod-3.2.0_beta2-r3/temp/build.log 
----------------------------------------------
libtool: link: x86_64-pc-linux-gnu-ranlib .libs/libmikmod.a
libtool: install: /usr/bin/install -c -m 644 .libs/libmikmod.a /mnt/gen2/TmpDir/portage/media-libs/libmikmod-3.2.0_beta2-r3/image//usr/lib64/libmikmod.a
libtool: install: chmod 644 /mnt/gen2/TmpDir/portage/media-libs/libmikmod-3.2.0_beta2-r3/image//usr/lib64/libmikmod.a
libtool: install: x86_64-pc-linux-gnu-ranlib /mnt/gen2/TmpDir/portage/media-libs/libmikmod-3.2.0_beta2-r3/image//usr/lib64/libmikmod.a
   usr/lib64/libmikmod.a

Does this reflect the desired or expected outcome???

Both build ok with USE raw.  Otherwise amd64 looks ok
Comment 5 Maurizio Camisaschi (amd64 AT) 2012-02-07 11:38:26 UTC
just the problem with the static-libs (bug 402499)

for everything else both versions amd64 is ok
Comment 6 Agostino Sarubbo gentoo-dev 2012-02-07 12:47:42 UTC
amd64 stable, thanks Ian, Maurizio
Comment 7 Thomas Kahle (RETIRED) gentoo-dev 2012-02-08 14:18:30 UTC
x86 stable. Thanks
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2012-02-08 14:46:21 UTC
Stable for HPPA.
Comment 9 nixnut (RETIRED) gentoo-dev 2012-02-11 17:41:37 UTC
ppc stable
Comment 10 Markus Meier gentoo-dev 2012-02-13 21:17:45 UTC
arm stable
Comment 11 Tobias Klausmann (RETIRED) gentoo-dev 2012-02-17 14:00:47 UTC
Stable on alpha.
Comment 12 Raúl Porcel (RETIRED) gentoo-dev 2012-02-18 19:45:30 UTC
ia64/sh/sparc stable
Comment 13 Samuli Suominen (RETIRED) gentoo-dev 2012-03-02 20:00:28 UTC
ppc64 stable, last arch done
Comment 14 Sean Amoss (RETIRED) gentoo-dev Security 2012-03-02 20:36:09 UTC
Thanks, everyone. 

GLSA request filed.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2012-03-06 02:12:22 UTC
This issue was resolved and addressed in
 GLSA 201203-10 at http://security.gentoo.org/glsa/glsa-201203-10.xml
by GLSA coordinator Sean Amoss (ackle).