Mageia Bugzilla – Bug 11170
libmodplug new security issues CVE-2013-4233 and CVE-2013-4234
Last modified: 2014-05-08 18:04:21 CEST
Debian has issued an advisory on September 4:
The patches were a little hard to track down, but they're to src/load_abc.cpp here:
Patched packages uploaded for Mageia 2, Mageia 3, and Cauldron.
Note to QA: looks like there's a PoC here:
Updated libmodplug packages fix security vulnerabilities:
An integer overflow within the "abc_set_parts()" function (src/load_abc.cpp)
can be exploited to corrupt heap memory via a specially crafted ABC file
An error within the "abc_MIDI_drum()" and "abc_MIDI_gchord()" functions
(src/load_abc.cpp) can be exploited to cause a buffer overflow via a
specially crafted ABC file (CVE-2013-4234).
Updated packages in core/updates_testing:
Testing complete on Mageia 3 x86_64.
Before, vlc would segfault playing the poc.abc.
With the update, it doesn't.
Created attachment 4328
proof of concept file for testing. Use "vlc poc.abc".
Advisory 11170.adv committed to svn.
Testing complete both arches, both releases.
In addition to ensuring vlc no longer segfaults, ensured it still plays videos.
Someone from the sysadmin team please push 11170.adv to updates.