openSUSE Security Update: Security update for libmodplug ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:0803-1 Rating: moderate References: #1022032 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for libmodplug fixes the following issues: Several security and non security issues where fixed: - Update to version 0.8.9.0+git20170610.f6dd59a boo#1022032: * PSM: add missing line to commit * ABC: prevent possible increment of p past end * ABC: ensure read pointer is valid before incrementing * ABC: terminate early when things don't work in substitute * OKT: add one more bound check * FAR: out by one on check * ABC: 10 digit ints require null termination * PSM: make sure reads occur of only valid ins * ABC: cleanup tracks correctly. * WAV: check that there is space for both headers * OKT: ensure file size is enough to contain data * ABC: initialize earlier * ABC: ensure array access is bounded correctly. * ABC: clean up loop exiting code * ABC: avoid possibility of incrementing *p * ABC: abort early if macro would be blank * ABC: Use blankline more often * ABC: Ensure for loop does not increment past end of loop * Initialize nPatterns to 0 earlier * Check memory position isn't over the memory length * ABC: transpose only needs to look at notes (<26) * Spelling fixes * Bump version number to 0.8.9.0 * MMCMP: Check that end pointer is within the file size * WAV: ensure integer doesn't overflow * XM: additional mempos check * sndmix: Don't process row if its empty. * snd_fx: dont include patterns of zero size in length calc * MT2,AMF: prevent OOB reads Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-306=1 Package List: - openSUSE Leap 42.3 (i586 x86_64): libmodplug-debugsource-0.8.9.0+git20170610.f6dd59a-8.3.1 libmodplug-devel-0.8.9.0+git20170610.f6dd59a-8.3.1 libmodplug1-0.8.9.0+git20170610.f6dd59a-8.3.1 libmodplug1-debuginfo-0.8.9.0+git20170610.f6dd59a-8.3.1 - openSUSE Leap 42.3 (x86_64): libmodplug1-32bit-0.8.9.0+git20170610.f6dd59a-8.3.1 libmodplug1-debuginfo-32bit-0.8.9.0+git20170610.f6dd59a-8.3.1 References: https://bugzilla.suse.com/1022032