drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in libmodplug
Name: |
Zwei Probleme in libmodplug |
|
ID: |
USN-1148-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 |
|
Datum: |
Mo, 13. Juni 2011, 22:43 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1761 |
|
Applikationen: |
libmodplug |
|
Originalnachricht |
--===============3500421286852987059== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-Qk4VxCeUcMMU7eKxYsGW"
--=-Qk4VxCeUcMMU7eKxYsGW Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1148-1 June 13, 2011
libmodplug vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS
Summary:
libmodplug could be made to run programs as your login if it opened a specially crafted file.
Software Description: - libmodplug: Library for mod music based on ModPlug
Details:
It was discovered that libmodplug did not correctly handle certain malformed S3M media files. If a user or automated system were tricked into opening a crafted S3M file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2011-1574)
It was discovered that libmodplug did not correctly handle certain malformed ABC media files. If a user or automated system were tricked into opening a crafted ABC file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2011-1761)
The default compiler options for affected releases should reduce the vulnerability to a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.04: libmodplug1 1:0.8.8.1-2ubuntu0.2
Ubuntu 10.10: libmodplug1 1:0.8.8.1-1ubuntu1.2
Ubuntu 10.04 LTS: libmodplug0c2 1:0.8.7-1ubuntu0.2
In general, a standard system update will make all the necessary changes.
References: CVE-2011-1574, CVE-2011-1761
Package Information: https://launchpad.net/ubuntu/+source/libmodplug/1:0.8.8.1-2ubuntu0.2 https://launchpad.net/ubuntu/+source/libmodplug/1:0.8.8.1-1ubuntu1.2 https://launchpad.net/ubuntu/+source/libmodplug/1:0.8.7-1ubuntu0.2
--Úk4VxCeUcMMU7eKxYsGW Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJN9lJMAAoJEGVp2FWnRL6TRFwP/RciPQn/WCO+TQBq9/JcYtmD UiAAMoqweDOTu0zSTc7zOXovS7WkrX6eLkHsgPTDDsujqt/OxEWHkTzQwEI+nklE hOJ65RjnTu5gGY7AaONHCU45kiJCvtI2OEcLGiEWDQ+mj8lkunrBxsOHjkc2ML0V EkIjAxFrs1OAJwwmvmuIHA8/W8Aar2oZazGlDFQrE2wZSMhyGZjsHcMKcPqnG5RP JPHMISUlRt83jOHB3G2JPqsTkgqB2SG8qdZk0oAS1ha93xA/MORsuCuzdXQNCUJt 41MJ9NUPYRqEitlrAUuTZs5V4o/IeTs8bSByQf2wtf8xosIWmaBNAoNnRsxDDdPv t8A3kRJj52AkpVldwjaO6oRbTi0beFt6V27aE8Hs7lIQ39ECaBnosR1mWgWj1jRn FbzoIjCW72RQyXWlXOrTQGgUwXuwbIOrdW/O302K3+E9pxtcdNs+slSoIlndmjlp wfj6XM1YgnJtOQcf6gUhr/pX2Y0RW/1XH6FXti8kVekJISbPl1jgmBYRnxks/Ky2 ovLxaaGPZu1LGtsAkLKceYSH9yMV1R/GjHimFU8cyPnqBCYCkOpGVs8fS2dpz3wM 77S5m0cI+O+NpLB2FBCDXs/QrYtXDdf0ToWbi4zQdlL2uv3yhnVB5SLcEk7HDQjp uDtBgDwqgAGZaId+/EYy =BWLX -----END PGP SIGNATURE-----
--=-Qk4VxCeUcMMU7eKxYsGW--
--===============3500421286852987059== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============3500421286852987059==--
|
|
|
|