========================================================================== Ubuntu Security Notice USN-1255-1 November 09, 2011 libmodplug vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: libmodplug could be made to crash or run programs as your login if it opened a specially crafted file. Software Description: - libmodplug: Library for mod music based on ModPlug Details: Hossein Lotfi discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2011-2911, CVE-2011-2912, CVE-2011-2913) It was discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2011-2914, CVE-2011-2915) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: libmodplug1 1:0.8.8.2-3ubuntu1.1 Ubuntu 11.04: libmodplug1 1:0.8.8.1-2ubuntu0.3 Ubuntu 10.10: libmodplug1 1:0.8.8.1-1ubuntu1.3 Ubuntu 10.04 LTS: libmodplug0c2 1:0.8.7-1ubuntu0.3 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1255-1 CVE-2011-2911, CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915 Package Information: https://launchpad.net/ubuntu/+source/libmodplug/1:0.8.8.2-3ubuntu1.1 https://launchpad.net/ubuntu/+source/libmodplug/1:0.8.8.1-2ubuntu0.3 https://launchpad.net/ubuntu/+source/libmodplug/1:0.8.8.1-1ubuntu1.3 https://launchpad.net/ubuntu/+source/libmodplug/1:0.8.7-1ubuntu0.3