Mandriva Linux Security Advisory : libmikmod (MDVSA-2009:272-1)
Medium Nessus Plugin ID 42097
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities has been found and corrected in libmikmod :
libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels (CVE-2007-6720).
libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file (CVE-2009-0179).
This update fixes these vulnerabilities.
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
SolutionUpdate the affected packages.