openSUSE Security Update : libopenmpt (openSUSE-2018-742)

Medium Nessus Plugin ID 111197

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for libopenmpt to version 0.3.9 fixes the following issues:

These security issues were fixed:

- CVE-2018-11710: Prevent write near address 0 in out-of-memory situations when reading AMS files (bsc#1095644)

- CVE-2018-10017: Prevent out-of-bounds memory read with IT/ITP/MO3 files containing pattern loops (bsc#1089080)

These non-security issues were fixed:

- [Bug] openmpt123: Fixed build failure in C++17 due to use of removed feature std::random_shuffle.

- STM: Having both Bxx and Cxx commands in a pattern imported the Bxx command incorrectly.

- STM: Last character of sample name was missing.

- Speed up reading of truncated ULT files.

- ULT: Portamento import was sometimes broken.

- The resonant filter was sometimes unstable when combining low-volume samples, low cutoff and high mixing rates.

- Keep track of active SFx macro during seeking.

- The 'note cut' duplicate note action did not volume-ramp the previously playing sample.

- A song starting with non-existing patterns could not be played.

- DSM: Support restart position and 16-bit samples.

- DTM: Import global volume.

This update was imported from the SUSE:SLE-15:Update update project.

Solution

Update the affected libopenmpt packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1089080

https://bugzilla.opensuse.org/show_bug.cgi?id=1095644

Plugin Details

Severity: Medium

ID: 111197

File Name: openSUSE-2018-742.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2018/07/20

Modified: 2018/09/04

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libmodplug-devel, p-cpe:/a:novell:opensuse:libmodplug1, p-cpe:/a:novell:opensuse:libmodplug1-32bit, p-cpe:/a:novell:opensuse:libmodplug1-32bit-debuginfo, p-cpe:/a:novell:opensuse:libmodplug1-debuginfo, p-cpe:/a:novell:opensuse:libopenmpt-debugsource, p-cpe:/a:novell:opensuse:libopenmpt-devel, p-cpe:/a:novell:opensuse:libopenmpt0, p-cpe:/a:novell:opensuse:libopenmpt0-32bit, p-cpe:/a:novell:opensuse:libopenmpt0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libopenmpt0-debuginfo, p-cpe:/a:novell:opensuse:libopenmpt_modplug1, p-cpe:/a:novell:opensuse:libopenmpt_modplug1-32bit, p-cpe:/a:novell:opensuse:libopenmpt_modplug1-32bit-debuginfo, p-cpe:/a:novell:opensuse:libopenmpt_modplug1-debuginfo, p-cpe:/a:novell:opensuse:openmpt123, p-cpe:/a:novell:opensuse:openmpt123-debuginfo, cpe:/o:novell:opensuse:15.0

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2018/07/19

Reference Information

CVE: CVE-2018-10017, CVE-2018-11710