USN-995-1: libMikMod vulnerabilities

29 September 2010

libmikmod vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 9.10
  • Ubuntu 9.04
  • Ubuntu 8.04 LTS

Summary

Software Description

  • libmikmod

Details

It was discovered that libMikMod incorrectly handled songs with different channel counts. If a user were tricked into opening a crafted song file, an attacker could cause a denial of service. (CVE-2007-6720)

It was discovered that libMikMod incorrectly handled certain malformed XM files. If a user were tricked into opening a crafted XM file, an attacker could cause a denial of service. (CVE-2009-0179)

It was discovered that libMikMod incorrectly handled certain malformed Impulse Tracker files. If a user were tricked into opening a crafted Impulse Tracker file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3995, CVE-2010-2546, CVE-2010-2971)

It was discovered that libMikMod incorrectly handled certain malformed Ultratracker files. If a user were tricked into opening a crafted Ultratracker file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3996)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10
libmikmod2 - 3.1.11-6ubuntu4.1
Ubuntu 9.04
libmikmod2 - 3.1.11-6ubuntu3.9.04.1
Ubuntu 8.04 LTS
libmikmod2 - 3.1.11-6ubuntu3.8.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References