[Message Precedent sur la mailing][Message Suivant sur la mailing][Precedent dans le fil][Prochain dans le fil][Index par Date][Index par fil] [Full-disclosure] [USN-771-1] libmodplug vulnerabilities

===========================================================
Ubuntu Security Notice USN-771-1               May 07, 2009
libmodplug vulnerabilities
CVE-2009-1438, CVE-2009-1513
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.



The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libmodplug0c2                   1:0.7-5ubuntu0.6.06.2

Ubuntu 8.04 LTS:
  libmodplug0c2                   1:0.7-7ubuntu0.8.04.1

Ubuntu 8.10:
  libmodplug0c2                   1:0.7-7ubuntu0.8.10.1

Ubuntu 9.04:
  libmodplug0c2                   1:0.8.4-3ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.



Details follow:

It was discovered that libmodplug did not correctly handle certain
parameters when parsing MED media files. If a user or automated system were
tricked into opening a crafted MED file, an attacker could execute
arbitrary code with privileges of the user invoking the program.


(CVE-2009-1438)

Manfred Tremmel and Stanislav Brabec discovered that libmodplug did not
correctly handle long instrument names when parsing PAT sample files. If a
user or automated system were tricked into opening a crafted PAT file, an
attacker could cause a denial of service or execute arbitrary code with
privileges of the user invoking the program. This issue only affected
Ubuntu 9.04. (CVE-2009-1438)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    link://[click]
      Size/MD5:     8019 e0cfb60fb0e8b9d2952b44fe49162a34
    link://[click]
      Size/MD5:      648 63165324d2ab4e1cbd3cea974ff7e469
    link://[click]
      Size/MD5:   329398 b6e7412f90cdd4a27a2dd3de94909905

  Architecture independent packages:

    link://[click]
      Size/MD5:    22574 b2e9b39531d1cd61248c1896f41b5924

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    link://[click]
      Size/MD5:   117666 645e325b6a6f9de4725ad209ea8164b6

  i386 architecture (x86 compatible Intel/AMD):

    link://[click]
      Size/MD5:   115600 a0db9ab74c5d57233be5ca293b98dcce

  powerpc architecture (Apple Macintosh G3/G4/G5):

    link://[click]
      Size/MD5:   125876 7a615bf7d62f8196543bbf20ff5202a1

  sparc architecture (Sun SPARC/UltraSPARC):

    link://[click]
      Size/MD5:   123506 275f5a45734db4cc7c43eb63c1573bea

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    link://[click]
      Size/MD5:     8451 e5c0199a6649713b1702fbc6e2d6fc20
    link://[click]
      Size/MD5:      750 16855b20226f3c668aeabfb00366dfee
    link://[click]
      Size/MD5:   329398 b6e7412f90cdd4a27a2dd3de94909905

  Architecture independent packages:

    link://[click]
      Size/MD5:    23042 cdf25381e5c0ce41bfe5df66c983954b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    link://[click]
      Size/MD5:   121612 7d456e69ee2dd12e197b8e30d892e333

  i386 architecture (x86 compatible Intel/AMD):

    link://[click]
      Size/MD5:   120658 645a4441fe79e02f7b9c1851c028a314

  lpia architecture (Low Power Intel Architecture):

    link://[click]
      Size/MD5:   122276 f7784ebbd03cf2f9c63ee7c0fdb5920e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    link://[click]
      Size/MD5:   131908 0b1e05f93b5e85f57566874861640083

  sparc architecture (Sun SPARC/UltraSPARC):

    link://[click]
      Size/MD5:   128062 29b786c3ce45fe602da56310992bdab0

Updated packages for Ubuntu 8.10:

  Source archives:

    link://[click]
      Size/MD5:     8477 4e692596340a4fd891d788ee9b206f0a
    link://[click]
      Size/MD5:     1158 83e89cd14e7e3cc4a1461aadc3d108c6
    link://[click]
      Size/MD5:   329398 b6e7412f90cdd4a27a2dd3de94909905

  Architecture independent packages:

    link://[click]
      Size/MD5:    23034 50d486755d9adc21e5c22b46e96d7c12

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    link://[click]
      Size/MD5:   121962 bfe382df79c137130a695078283300fc

  i386 architecture (x86 compatible Intel/AMD):

    link://[click]
      Size/MD5:   120940 0d1eaa14546d5aeb62f1848d9bfbc8d6

  lpia architecture (Low Power Intel Architecture):

    link://[click]
      Size/MD5:   122746 bb5fbc25b04596b08c493ed7a258cf31

  powerpc architecture (Apple Macintosh G3/G4/G5):

    link://[click]
      Size/MD5:   133192 9b301e52f287cf13137a9b4624d1dcec

  sparc architecture (Sun SPARC/UltraSPARC):

    link://[click]
      Size/MD5:   127736 db79a29968f0de688e44498446506881

Updated packages for Ubuntu 9.04:

  Source archives:

    link://[click]
      Size/MD5:     8721 65ddff85bc42da5fdd2806adfae2364e
    link://[click]
      Size/MD5:     1147 a9768cf5e67c1af673110df40343bb6c
    link://[click]
      Size/MD5:   510758 091bd1168a524a4f36fc61f95209e7e4

  Architecture independent packages:

    link://[click]
      Size/MD5:    25412 e82af5c335f5bfd8321f99e59c07db54

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    link://[click]
      Size/MD5:   173236 36277712028649998c2ab648b277cb6f

  i386 architecture (x86 compatible Intel/AMD):

    link://[click]
      Size/MD5:   172220 7720ceb85256b36befb406b8df775391

  lpia architecture (Low Power Intel Architecture):

    link://[click]
      Size/MD5:   174688 a46440d2c3034aba5d0a9c012cb8c1e2

  powerpc architecture (Apple Macintosh G3/G4/G5):

    link://[click]
      Size/MD5:   187064 170df3cab798c4cf33ab20d263b39874

  sparc architecture (Sun SPARC/UltraSPARC):

    link://[click]
      Size/MD5:   188008 df4617de3276c111ca15b3d6b5116156

Attachment: signature.asc
Description: This is a digitally signed message part

Full-Disclosure - We believe in it.


Charter: link://[click]
Hosted and sponsored by Secunia - link://[click]

Precedent par Date: [Full-disclosure] mb_ereg(i)_replace() evaluate replacement string vulnerability
Suivant par Date: [Full-disclosure] [USN-772-1] MPFR vulnerability
Precedent par fil : [Full-disclosure] mb_ereg(i)_replace() evaluate replacement string vulnerability
Suivant par fil : [Full-disclosure] [USN-772-1] MPFR vulnerability
Index(s):
- Date
- Fil

Archives de la liste de diffusion Secunia
Archives de la liste de diffusion Full Disclosure

SecuToolBox :

Bluetooth Stack Smasher v0.6 / Bluetooth Stack Smasher v0.8 / Slides Bluetooth Eurosec 2006 / Exposé vidéo Windows Shellcode - Kostya Kortchinsky / Exposé audio Reverse Engineering - Nicolas Brulez / Exposé vidéo Securitech - Pierre Betouin / Secure WIFI WPA + EAP-TLS + Freeradius / Audit Windows / Captive Password Windows / USBDumper / USBDumper 2 / Hacking Hardware / WishMaster backdoor / DNS Auditing Tool / Ettercap SSL MITM / Exploit vulnérabilités Windows / Memory Dumper Kernel Hardening / Reverse Engineering / Scapy / SecUbuLIVE CD / Metasploit / eEye Blink Sec Center / eEye Retina Scanner + d'outils / + de tutoriels

Mini-Tagwall des articles publiés sur SecuObs :

sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre + de mots clés avec l'annuaire des articles publiés sur SecuObs

Mini-Tagwall de l'annuaire video :

curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio + de mots clés avec l'annuaire des videos

Mini-Tagwall des articles de la revue de presse :

security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité + de mots clés avec l'annuaire de la revue de presse

Mini-Tagwall des Tweets de la revue Twitter :

security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack + de mots clés avec l'annuaire de la revue Twitter