Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:272 (libmikmod)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66029

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:272 (libmikmod)

Resumen: The remote host is missing an update to libmikmod;announced via advisory MDVSA-2009:272.

Descripción: Summary:
The remote host is missing an update to libmikmod
announced via advisory MDVSA-2009:272.

Vulnerability Insight:
Multiple vulnerabilities has been found and corrected in libmikmod:

libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and
possibly other products, relies on the channel count of the last
loaded song, rather than the currently playing song, for certain
playback calculations, which allows user-assisted attackers to cause
a denial of service (application crash) by loading multiple songs
(aka MOD files) with different numbers of channels (CVE-2007-6720).

libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other
products, allows user-assisted attackers to cause a denial of service
(application crash) by loading an XM file (CVE-2009-0179).

This update fixes these vulnerabilities.

Affected: 2008.1, 2009.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-6720
BugTraq ID: 33235
http://www.securityfocus.com/bid/33235
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01305.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01312.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=461519
http://openwall.com/lists/oss-security/2009/01/13/2
http://secunia.com/advisories/34259
SuSE Security Announcement: SUSE-SR:2009:006 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
Common Vulnerability Exposure (CVE) ID: CVE-2009-0179
BugTraq ID: 33240
http://www.securityfocus.com/bid/33240
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476339

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66029
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:272 (libmikmod)
Resumen:	The remote host is missing an update to libmikmod;announced via advisory MDVSA-2009:272.
Descripción:	Summary: The remote host is missing an update to libmikmod announced via advisory MDVSA-2009:272. Vulnerability Insight: Multiple vulnerabilities has been found and corrected in libmikmod: libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels (CVE-2007-6720). libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file (CVE-2009-0179). This update fixes these vulnerabilities. Affected: 2008.1, 2009.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6720 BugTraq ID: 33235 http://www.securityfocus.com/bid/33235 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01305.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01312.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=461519 http://openwall.com/lists/oss-security/2009/01/13/2 http://secunia.com/advisories/34259 SuSE Security Announcement: SUSE-SR:2009:006 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html Common Vulnerability Exposure (CVE) ID: CVE-2009-0179 BugTraq ID: 33240 http://www.securityfocus.com/bid/33240 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476339
Copyright	Copyright (C) 2009 E-Soft Inc.