Ubuntu: New libmodplug packages fix security vulnerabilities

It was discovered that libmodplug did not correctly handle certain malformed S3M media files. If a user or automated system were tricked into opening a crafted S3M file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. It was discovered that libmodplug did not correctly handle certain malformed ABC media files. If a user or automated system were tricked into opening a crafted ABC file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

==========================================================================
Ubuntu Security Notice USN-1148-1
June 13, 2011

libmodplug vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

libmodplug could be made to run programs as your login if it opened a
specially crafted file.

Software Description:
- libmodplug: Library for mod music based on ModPlug

Details:

It was discovered that libmodplug did not correctly handle certain
malformed S3M media files. If a user or automated system were tricked into
opening a crafted S3M file, an attacker could cause a denial of service or
possibly execute arbitrary code with privileges of the user invoking the
program. (CVE-2011-1574)

It was discovered that libmodplug did not correctly handle certain
malformed ABC media files. If a user or automated system were tricked into
opening a crafted ABC file, an attacker could cause a denial of service or
possibly execute arbitrary code with privileges of the user invoking the
program. (CVE-2011-1761)

The default compiler options for affected releases should reduce the
vulnerability to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
 libmodplug1                     1:0.8.8.1-2ubuntu0.2

Ubuntu 10.10:
 libmodplug1                     1:0.8.8.1-1ubuntu1.2

Ubuntu 10.04 LTS:
 libmodplug0c2                   1:0.8.7-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
 CVE-2011-1574, CVE-2011-1761

Package Information:
 https://launchpad.net/ubuntu/+source/libmodplug/1:0.8.8.1-2ubuntu0.2
 https://launchpad.net/ubuntu/+source/libmodplug/1:0.8.8.1-1ubuntu1.2
 https://launchpad.net/ubuntu/+source/libmodplug/1:0.8.7-1ubuntu0.2