Mandriva Linux Security Advisory : libmodplug (MDVSA-2009:128-1)
High Nessus Plugin ID 39316
Synopsis
The remote Mandriva Linux host is missing one or more security updates.
Description
Multiple security vulnerabilities have been identified and fixed in libmodplug:
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow (CVE-2009-1438).
Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name (CVE-2009-1513).
The updated packages have been patched to prevent this.
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
Solution
Update the affected packages.