USN-521-1: libmodplug vulnerability

27 September 2007

libmodplug vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 6.10
  • Ubuntu 6.06 LTS

Software Description

  • libmodplug

Details

Luigi Auriemma discovered that libmodplug did not properly sanitize its input. A specially crafted AMF file could be used to exploit this situation to cause buffer overflows and possibly execute arbitrary code as the user.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.10
libmodplug0c2 - 1:0.7-5ubuntu0.6.10.1
Ubuntu 6.06 LTS
libmodplug0c2 - 1:0.7-5ubuntu0.6.06.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.

References