openSUSE Security Update : libopenmpt (openSUSE-2018-742)

Medium Nessus Plugin ID 111197


The remote openSUSE host is missing a security update.


This update for libopenmpt to version 0.3.9 fixes the following issues :

These security issues were fixed :

- CVE-2018-11710: Prevent write near address 0 in out-of-memory situations when reading AMS files (bsc#1095644)

- CVE-2018-10017: Preven out-of-bounds memory read with IT/ITP/MO3 files containing pattern loops (bsc#1089080)

These non-security issues were fixed :

- [Bug] openmpt123: Fixed build failure in C++17 due to use of removed feature std::random_shuffle.

- STM: Having both Bxx and Cxx commands in a pattern imported the Bxx command incorrectly.

- STM: Last character of sample name was missing.

- Speed up reading of truncated ULT files.

- ULT: Portamento import was sometimes broken.

- The resonant filter was sometimes unstable when combining low-volume samples, low cutoff and high mixing rates.

- Keep track of active SFx macro during seeking.

- The 'note cut' duplicate note action did not volume-ramp the previously playing sample.

- A song starting with non-existing patterns could not be played.

- DSM: Support restart position and 16-bit samples.

- DTM: Import global volume.

This update was imported from the SUSE:SLE-15:Update update project.


Update the affected libopenmpt packages.

See Also

Plugin Details

Severity: Medium

ID: 111197

File Name: openSUSE-2018-742.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2018/07/20

Updated: 2018/09/04

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libmodplug-devel, p-cpe:/a:novell:opensuse:libmodplug1, p-cpe:/a:novell:opensuse:libmodplug1-32bit, p-cpe:/a:novell:opensuse:libmodplug1-32bit-debuginfo, p-cpe:/a:novell:opensuse:libmodplug1-debuginfo, p-cpe:/a:novell:opensuse:libopenmpt-debugsource, p-cpe:/a:novell:opensuse:libopenmpt-devel, p-cpe:/a:novell:opensuse:libopenmpt0, p-cpe:/a:novell:opensuse:libopenmpt0-32bit, p-cpe:/a:novell:opensuse:libopenmpt0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libopenmpt0-debuginfo, p-cpe:/a:novell:opensuse:libopenmpt_modplug1, p-cpe:/a:novell:opensuse:libopenmpt_modplug1-32bit, p-cpe:/a:novell:opensuse:libopenmpt_modplug1-32bit-debuginfo, p-cpe:/a:novell:opensuse:libopenmpt_modplug1-debuginfo, p-cpe:/a:novell:opensuse:openmpt123, p-cpe:/a:novell:opensuse:openmpt123-debuginfo, cpe:/o:novell:opensuse:15.0

Patch Publication Date: 2018/07/19

Reference Information

CVE: CVE-2018-10017, CVE-2018-11710