_______________________________________________________________________
Package : libmikmod
Date : December 5, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in libmikmod:
libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and
possibly other products, relies on the channel count of the last
loaded song, rather than the currently playing song, for certain
playback calculations, which allows user-assisted attackers to cause
a denial of service (application crash) by loading multiple songs
(aka MOD files) with different numbers of channels (CVE-2007-6720).
libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other
products, allows user-assisted attackers to cause a denial of service
(application crash) by loading an XM file (CVE-2009-0179).
This update fixes these vulnerabilities.
Update:
Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2007-6720
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0179
_______________________________________________________________________