View Full Version : USN-521-1: libmodplug vulnerability

September 28th, 2007, 02:30 AM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-521-1 September 27, 2007 libmodplug vulnerability CVE-2006-4192 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libmodplug0c2 1:0.7-5ubuntu0.6.06.1 Ubuntu 6.10: libmodplug0c2 1:0.7-5ubuntu0.6.10.1 In general, a standard system upgrade is sufficient to affect the necessary changes. Details follow: Luigi Auriemma discovered that libmodplug did not properly sanitize its input. A specially crafted AMF file could be used to exploit this situation to cause buffer overflows and possibly execute arbitrary code as the user.

More... (http://www.ubuntu.com/usn/usn-521-1)