Debian has issued an advisory on September 4:
http://www.debian.org/security/2013/dsa-2751

The patches were a little hard to track down, but they're to src/load_abc.cpp here:
http://sourceforge.net/p/modplug-xmms/git/ci/master/tree/libmodplug/

Patched packages uploaded for Mageia 2, Mageia 3, and Cauldron.

Note to QA: looks like there's a PoC here:
http://blog.scrt.ch/2013/07/24/vlc-abc-parsing-seems-to-be-a-ctf-challenge/

Advisory:
========================

Updated libmodplug packages fix security vulnerabilities:

An integer overflow within the "abc_set_parts()" function (src/load_abc.cpp) can be exploited to corrupt heap memory via a specially crafted ABC file (CVE-2013-4233).

An error within the "abc_MIDI_drum()" and "abc_MIDI_gchord()" functions (src/load_abc.cpp) can be exploited to cause a buffer overflow via a specially crafted ABC file (CVE-2013-4234).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4234
https://secunia.com/advisories/54388/
http://www.debian.org/security/2013/dsa-2751
========================

Updated packages in core/updates_testing:
========================
libmodplug1-0.8.8.4-1.1.mga2
libmodplug-devel-0.8.8.4-1.1.mga2
libmodplug1-0.8.8.4-3.1.mga3
libmodplug-devel-0.8.8.4-3.1.mga3

from SRPMS:
libmodplug-0.8.8.4-1.1.mga2.src.rpm
libmodplug-0.8.8.4-3.1.mga3.src.rpm
Whiteboard: (none) => MGA2TOO
Version: Cauldron => 3
Testing complete on Mageia 3 x86_64. Before, vlc would segfault playing the poc.abc. With the update, it doesn't.
CC: (none) => davidwhodgins
Whiteboard: MGA2TOO => MGA2TOO MGA3-64-OK
Created attachment 4328
Proof of concept file for testing. Use "vlc poc.abc".
Whiteboard: MGA2TOO MGA3-64-OK => MGA2TOO MGA3-64-OK has_procedure
Advisory 11170.adv committed to svn.
Testing complete both arches, both releases. In addition to ensuring vlc no longer segfaults, ensured it still plays videos. Someone from the sysadmin team please push 11170.adv to updates.
Keywords: (none) => validated_update
Whiteboard: MGA2TOO MGA3-64-OK has_procedure => MGA2TOO MGA3-64-OK has_procedure MGA3-32-OK MGA2-64-OK MGA2-32-OK
CC: (none) => sysadmin-bugs
http://advisories.mageia.org/MGASA-2013-0271.html
Status: NEW => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED
CC: boklm => (none)