USN-995-1: libMikMod vulnerabilities

Releases

• Ubuntu 9.10
• Ubuntu 9.04
• Ubuntu 8.04

Packages

• libmikmod -

Details

It was discovered that libMikMod incorrectly handled songs with different
channel counts. If a user were tricked into opening a crafted song file,
an attacker could cause a denial of service. (CVE-2007-6720)

It was discovered that libMikMod incorrectly handled certain malformed XM
files. If a user were tricked into opening a crafted XM file, an attacker
could cause a denial of service. (CVE-2009-0179)

It was discovered that libMikMod incorrectly handled certain malformed
Impulse Tracker files. If a user were tricked into opening a crafted
Impulse Tracker file, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2009-3995, CVE-2010-2546, CVE-2010-2971)

It was discovered that libMikMod incorrectly handled certain malformed
Ultratracker files. If a user were tricked into opening a crafted
Ultratracker file, an attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-3996)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10

• libmikmod2 - 3.1.11-6ubuntu4.1

Ubuntu 9.04

• libmikmod2 - 3.1.11-6ubuntu3.9.04.1

Ubuntu 8.04

• libmikmod2 - 3.1.11-6ubuntu3.8.04.1

In general, a standard system update will make all the necessary changes.

References

• CVE-2009-3995
• CVE-2009-0179
• CVE-2010-2546
• CVE-2009-3996
• CVE-2010-2971
• CVE-2007-6720