openSUSE Security Update : libmodplug (openSUSE-SU-2011:0943-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update of libmodplug0 fixes the following issues :

1) An integer overflow error exists within the 'CSoundFile::ReadWav()'
function (src/load_wav.cpp) when processing certain WAV files. This
can be exploited to cause a heap-based buffer overflow by tricking a
user into opening a specially crafted WAV file. (CVE-2011-2911)

2) Boundary errors within the 'CSoundFile::ReadS3M()' function
(src/load_s3m.cpp) when processing S3M files can be exploited to cause
stack-based buffer overflows by tricking a user into opening a
specially crafted S3M file. (CVE-2011-2912)

3) An off-by-one error within the 'CSoundFile::ReadAMS()' function
(src/load_ams.cpp) can be exploited to cause a stack corruption by
tricking a user into opening a specially crafted AMS file.
(CVE-2011-2913)

4) An off-by-one error within the 'CSoundFile::ReadDSM()' function
(src/load_dms.cpp) can be exploited to cause a memory corruption by
tricking a user into opening a specially crafted DSM file.
(CVE-2011-2914)

5) An off-by-one error within the 'CSoundFile::ReadAMS2()' function
(src/load_ams.cpp) can be exploited to cause a memory corruption by
tricking a user into opening a specially crafted AMS file.
(CVE-2011-2915)

Also an overflow in the ABC loader was fixed. (CVE-2011-1761)

See also :

http://lists.opensuse.org/opensuse-updates/2011-08/msg00035.html
https://bugzilla.novell.com/show_bug.cgi?id=710726

Solution :

Update the affected libmodplug packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 75586 ()

Bugtraq ID:

CVE ID: CVE-2011-1761
CVE-2011-2911
CVE-2011-2912
CVE-2011-2913
CVE-2011-2914
CVE-2011-2915

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now