Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 379557 (CVE-2011-2911) - <media-libs/libmodplug-0.8.8.4 Multiple Vulnerabilities (CVE-2011-{2911,2912,2913,2914,2915})
Summary: <media-libs/libmodplug-0.8.8.4 Multiple Vulnerabilities (CVE-2011-{2911,2912,...
Status: RESOLVED FIXED
Alias: CVE-2011-2911
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/45131/
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-08-17 11:02 UTC by Agostino Sarubbo
Modified: 2012-03-16 12:18 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2011-08-17 11:02:06 UTC
Some vulnerabilities have been reported in libmodplug, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

1) An integer overflow error exists within the "CSoundFile::ReadWav()" function (src/load_wav.cpp) when processing certain WAV files. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted WAV file.

2) Boundary errors within the "CSoundFile::ReadS3M()" function (src/load_s3m.cpp) when processing S3M files can be exploited to cause stack-based buffer overflows by tricking a user into opening a specially crafted S3M file.

3) An off-by-one error within the "CSoundFile::ReadAMS()" function (src/load_ams.cpp) can be exploited to cause a stack corruption by tricking a user into opening a specially crafted AMS file.

4) An off-by-one error within the "CSoundFile::ReadDSM()" function (src/load_dms.cpp) can be exploited to cause a memory corruption by tricking a user into opening a specially crafted DSM file.

5) An off-by-one error within the "CSoundFile::ReadAMS2()" function (src/load_ams.cpp) can be exploited to cause a memory corruption by tricking a user into opening a specially crafted AMS file.

SOLUTION:
Update to version 0.8.8.4
Comment 1 Tony Vroon gentoo-dev 2011-08-17 11:18:32 UTC
+*libmodplug-0.8.8.4 (17 Aug 2011)
+
+  17 Aug 2011; Tony Vroon <chainsaw@gentoo.org> -libmodplug-0.8.8.1.ebuild,
+  -libmodplug-0.8.8.3.ebuild, +libmodplug-0.8.8.4.ebuild,
+  +files/libmodplug-0.8.8.4-no-fast-math.patch:
+  Version bump for security bug #379557 by Agostino "ago" Sarubbo. Port to
+  EAPI=4 and use a patch instead of relying on sed. Remove all ebuilds but this
+  and current stable.

Arches, please test & mark stable.
Comment 2 Agostino Sarubbo gentoo-dev 2011-08-17 13:15:37 UTC
all stable RDEPS build fine.

amd64 ok

(emake do not needs die in this case =) )
Comment 3 Tony Vroon gentoo-dev 2011-08-17 13:24:08 UTC
+  17 Aug 2011; Tony Vroon <chainsaw@gentoo.org> libmodplug-0.8.8.4.ebuild:
+  Mark stable on AMD64 and remove stray die statement as per arch testing by
+  Agostino "ago" Sarubbo in bug #379557.
Comment 4 Jeff (JD) Horelick (RETIRED) gentoo-dev 2011-08-17 17:47:19 UTC
Archtested on x86: Everything fine
Comment 5 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-08-18 17:19:32 UTC
ppc/ppc64 stable
Comment 6 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-08-20 04:02:17 UTC
x86 stable, thanks JD
Comment 7 Jeroen Roovers gentoo-dev 2011-08-21 16:33:41 UTC
Stable for HPPA.
Comment 8 Markus Meier gentoo-dev 2011-08-24 18:37:20 UTC
arm stable
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2011-08-27 17:45:50 UTC
alpha/ia64/sh/sparc stable
Comment 10 Agostino Sarubbo gentoo-dev 2011-08-27 18:40:17 UTC
Thanks all. Adding glsa request.
Comment 11 Tim Sammut (RETIRED) gentoo-dev 2011-08-28 02:08:07 UTC
Thanks, everyone. Added to existing GLSA request.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2012-03-16 12:18:19 UTC
This issue was resolved and addressed in
 GLSA 201203-16 at http://security.gentoo.org/glsa/glsa-201203-16.xml
by GLSA coordinator Sean Amoss (ackle).