Ubuntu Security Notice USN-995-1

29th September, 2010

libmikmod vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 9.10
• Ubuntu 9.04
• Ubuntu 8.04 LTS

Software description

• libmikmod

Details

It was discovered that libMikMod incorrectly handled songs with different
channel counts. If a user were tricked into opening a crafted song file,
an attacker could cause a denial of service. (CVE-2007-6720)

It was discovered that libMikMod incorrectly handled certain malformed XM
files. If a user were tricked into opening a crafted XM file, an attacker
could cause a denial of service. (CVE-2009-0179)

It was discovered that libMikMod incorrectly handled certain malformed
Impulse Tracker files. If a user were tricked into opening a crafted
Impulse Tracker file, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2009-3995, CVE-2010-2546, CVE-2010-2971)

It was discovered that libMikMod incorrectly handled certain malformed
Ultratracker files. If a user were tricked into opening a crafted
Ultratracker file, an attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-3996)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 9.10:

libmikmod2 3.1.11-6ubuntu4.1

Ubuntu 9.04:

libmikmod2 3.1.11-6ubuntu3.9.04.1

Ubuntu 8.04 LTS:

libmikmod2 3.1.11-6ubuntu3.8.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2007-6720, CVE-2009-0179, CVE-2009-3995, CVE-2009-3996, CVE-2010-2546, CVE-2010-2971