Mandrake Local Security Checks : Mandriva Update for libmodplug MDVSA-2011:085 (libmodplug)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.831395

Categoría: Mandrake Local Security Checks

Título: Mandriva Update for libmodplug MDVSA-2011:085 (libmodplug)

Resumen: The remote host is missing an update for the 'libmodplug'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'libmodplug'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability has been found and corrected in libmodplug:

Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in
libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary
code via a crafted S3M file (CVE-2011-1574).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. The updated packages have been patched to correct this issue.

Affected Software/OS:
libmodplug on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1574
1025480
http://securitytracker.com/id?1025480
44870
http://secunia.com/advisories/44870
48434
http://secunia.com/advisories/48434
8243
http://securityreason.com/securityalert/8243
DSA-2226
http://www.debian.org/security/2011/dsa-2226
GLSA-201203-16
http://www.gentoo.org/security/en/glsa/glsa-201203-16.xml
MDVSA-2011:085
http://www.mandriva.com/security/advisories?name=MDVSA-2011:085
RHSA-2011:0477
https://rhn.redhat.com/errata/RHSA-2011-0477.html
USN-1148-1
https://www.ubuntu.com/usn/USN-1148-1/
[oss-security] 20110411 CVE request for libmodplug
http://openwall.com/lists/oss-security/2011/04/11/6
[oss-security] 20110411 Re: CVE request for libmodplug
http://openwall.com/lists/oss-security/2011/04/11/13
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622091
http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms%3Ba=commit%3Bh=aecef259828a89bb00c2e6f78e89de7363b2237b
https://bugzilla.redhat.com/show_bug.cgi?id=695420
https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.831395
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for libmodplug MDVSA-2011:085 (libmodplug)
Resumen:	The remote host is missing an update for the 'libmodplug'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'libmodplug' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability has been found and corrected in libmodplug: Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file (CVE-2011-1574). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct this issue. Affected Software/OS: libmodplug on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1574 1025480 http://securitytracker.com/id?1025480 44870 http://secunia.com/advisories/44870 48434 http://secunia.com/advisories/48434 8243 http://securityreason.com/securityalert/8243 DSA-2226 http://www.debian.org/security/2011/dsa-2226 GLSA-201203-16 http://www.gentoo.org/security/en/glsa/glsa-201203-16.xml MDVSA-2011:085 http://www.mandriva.com/security/advisories?name=MDVSA-2011:085 RHSA-2011:0477 https://rhn.redhat.com/errata/RHSA-2011-0477.html USN-1148-1 https://www.ubuntu.com/usn/USN-1148-1/ [oss-security] 20110411 CVE request for libmodplug http://openwall.com/lists/oss-security/2011/04/11/6 [oss-security] 20110411 Re: CVE request for libmodplug http://openwall.com/lists/oss-security/2011/04/11/13 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622091 http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms%3Ba=commit%3Bh=aecef259828a89bb00c2e6f78e89de7363b2237b https://bugzilla.redhat.com/show_bug.cgi?id=695420 https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt
Copyright	Copyright (C) 2011 Greenbone AG