Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201707-02 ] Game Music Emu: Multiple vulnerabilities
Date: Sat, 08 Jul 2017 12:30:19
Message-Id: 2a1b0ee9-6ff3-8d25-f559-cc67eb314eea@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201707-02
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Game Music Emu: Multiple vulnerabilities
9 Date: July 08, 2017
10 Bugs: #603092
11 ID: 201707-02
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Game Music Emu, the worst
19 of which could lead to the execution of arbitrary code.
20
21 Background
22 ==========
23
24 Game Music Emu is a multi-purpose console music emulator and player
25 library.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 media-libs/game-music-emu
34 < 0.6.1 >= 0.6.1
35
36 Description
37 ===========
38
39 Multiple vulnerabilities have been discovered in Game Music Emu. Please
40 review the CVE identifiers referenced below for details.
41
42 Impact
43 ======
44
45 A remote attacker could entice a user to open a specially crafted SPC
46 music file, using Game Music Emu or an application linked against the
47 Game Music Emu library, possibly resulting in execution of arbitrary
48 code with the privileges of the process or a Denial of Service
49 condition.
50
51 Workaround
52 ==========
53
54 There is no known workaround at this time.
55
56 Resolution
57 ==========
58
59 All Game Music Emu users should upgrade to the latest version:
60
61 # emerge --sync
62 # emerge --ask --oneshot -v ">=media-libs/game-music-emu-0.6.1"
63
64 References
65 ==========
66
67 [ 1 ] CVE-2016-9957
68 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9957
69 [ 2 ] CVE-2016-9958
70 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9958
71 [ 3 ] CVE-2016-9959
72 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9959
73 [ 4 ] CVE-2016-9960
74 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9960
75 [ 5 ] CVE-2016-9961
76 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9961
77
78 Availability
79 ============
80
81 This GLSA and any updates to it are available for viewing at
82 the Gentoo Security Website:
83
84 https://security.gentoo.org/glsa/201707-02
85
86 Concerns?
87 =========
88
89 Security is a primary focus of Gentoo Linux and ensuring the
90 confidentiality and security of our users' machines is of utmost
91 importance to us. Any security concerns should be addressed to
92 security@g.o or alternatively, you may file a bug at
93 https://bugs.gentoo.org.
94
95 License
96 =======
97
98 Copyright 2017 Gentoo Foundation, Inc; referenced text
99 belongs to its owner(s).
100
101 The contents of this document are licensed under the
102 Creative Commons - Attribution / Share Alike license.
103
104 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature