openSUSE Security Update : libopenmpt (openSUSE-2019-524)

high Nessus Plugin ID 123222

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for libopenmpt to version 0.3.9 fixes the following issues :

These security issues were fixed :

- CVE-2018-11710: Prevent write near address 0 in out-of-memory situations when reading AMS files (bsc#1095644)

- CVE-2018-10017: Preven out-of-bounds memory read with IT/ITP/MO3 files containing pattern loops (bsc#1089080)

These non-security issues were fixed :

- [Bug] openmpt123: Fixed build failure in C++17 due to use of removed feature std::random_shuffle.

- STM: Having both Bxx and Cxx commands in a pattern imported the Bxx command incorrectly.

- STM: Last character of sample name was missing.

- Speed up reading of truncated ULT files.

- ULT: Portamento import was sometimes broken.

- The resonant filter was sometimes unstable when combining low-volume samples, low cutoff and high mixing rates.

- Keep track of active SFx macro during seeking.

- The 'note cut' duplicate note action did not volume-ramp the previously playing sample.

- A song starting with non-existing patterns could not be played.

- DSM: Support restart position and 16-bit samples.

- DTM: Import global volume.

This update was imported from the SUSE:SLE-15:Update update project.

Solution

Update the affected libopenmpt packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1089080

https://bugzilla.opensuse.org/show_bug.cgi?id=1095644

Plugin Details

Severity: High

ID: 123222

File Name: openSUSE-2019-524.nasl

Version: 1.5

Type: local

Agent: unix

Published: 3/27/2019

Updated: 6/11/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-11710

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libopenmpt0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libopenmpt0-debuginfo, cpe:/o:novell:opensuse:15.0, p-cpe:/a:novell:opensuse:libopenmpt_modplug1-32bit, p-cpe:/a:novell:opensuse:libmodplug-devel, p-cpe:/a:novell:opensuse:libopenmpt-devel, p-cpe:/a:novell:opensuse:libmodplug1-32bit-debuginfo, p-cpe:/a:novell:opensuse:libmodplug1, p-cpe:/a:novell:opensuse:libmodplug1-32bit, p-cpe:/a:novell:opensuse:libopenmpt0, p-cpe:/a:novell:opensuse:libopenmpt_modplug1, p-cpe:/a:novell:opensuse:openmpt123-debuginfo, p-cpe:/a:novell:opensuse:libopenmpt_modplug1-32bit-debuginfo, p-cpe:/a:novell:opensuse:openmpt123, p-cpe:/a:novell:opensuse:libmodplug1-debuginfo, p-cpe:/a:novell:opensuse:libopenmpt_modplug1-debuginfo, p-cpe:/a:novell:opensuse:libopenmpt-debugsource, p-cpe:/a:novell:opensuse:libopenmpt0-32bit

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 3/23/2019

Vulnerability Publication Date: 4/11/2018

Reference Information

CVE: CVE-2018-10017, CVE-2018-11710