Security update for libopenmpt SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:2622-1 Final 1 1 2019-10-09T13:23:38Z current 2019-10-09T13:23:38Z 2019-10-09T13:23:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libopenmpt This update for libopenmpt to version 0.3.19 fixes the following issues: - CVE-2019-17113: Fixed a buffer overflow in ModPlug_InstrumentName and ModPlug_SampleName (bsc#1153102). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container containers/lmcache-vllm-openai:0-2019-2622,Container containers/open-webui:0-2019-2622,Container containers/vllm-openai:0-2019-2622,Image ai_15_6-2019-2622,SUSE-2019-2622,SUSE-SLE-Module-Desktop-Applications-15-2019-2622,SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2622,SUSE-SLE-Module-Development-Tools-OBS-15-2019-2622,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2622 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20192622-1/ Link for SUSE-SU-2019:2622-1 https://lists.suse.com/pipermail/sle-security-updates/2019-October/006001.html E-Mail link for SUSE-SU-2019:2622-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1153102 SUSE Bug 1153102 https://www.suse.com/security/cve/CVE-2019-17113/ SUSE CVE CVE-2019-17113 page Container containers/lmcache-vllm-openai:0 Container containers/open-webui:0 Container containers/vllm-openai:0 Image ai_15_6 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 libopenmpt0-0.3.19-2.10.1 libmodplug-devel-0.3.19-2.10.1 libmodplug1-0.3.19-2.10.1 libmodplug1-32bit-0.3.19-2.10.1 libmodplug1-64bit-0.3.19-2.10.1 libopenmpt-devel-0.3.19-2.10.1 libopenmpt0-32bit-0.3.19-2.10.1 libopenmpt0-64bit-0.3.19-2.10.1 libopenmpt_modplug1-0.3.19-2.10.1 libopenmpt_modplug1-32bit-0.3.19-2.10.1 libopenmpt_modplug1-64bit-0.3.19-2.10.1 openmpt123-0.3.19-2.10.1 libopenmpt0-0.3.19-2.10.1 as a component of Container containers/lmcache-vllm-openai:0 libopenmpt0-0.3.19-2.10.1 as a component of Container containers/open-webui:0 libopenmpt0-0.3.19-2.10.1 as a component of Container containers/vllm-openai:0 libopenmpt0-0.3.19-2.10.1 as a component of Image ai_15_6 libmodplug-devel-0.3.19-2.10.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 libmodplug1-0.3.19-2.10.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 libopenmpt-devel-0.3.19-2.10.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 libopenmpt0-0.3.19-2.10.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 libopenmpt_modplug1-0.3.19-2.10.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 libmodplug-devel-0.3.19-2.10.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 libmodplug1-0.3.19-2.10.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 libopenmpt-devel-0.3.19-2.10.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 libopenmpt0-0.3.19-2.10.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 libopenmpt_modplug1-0.3.19-2.10.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow. CVE-2019-17113 Container containers/lmcache-vllm-openai:0:libopenmpt0-0.3.19-2.10.1 Container containers/open-webui:0:libopenmpt0-0.3.19-2.10.1 Container containers/vllm-openai:0:libopenmpt0-0.3.19-2.10.1 Image ai_15_6:libopenmpt0-0.3.19-2.10.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libmodplug-devel-0.3.19-2.10.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libmodplug1-0.3.19-2.10.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libopenmpt-devel-0.3.19-2.10.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libopenmpt0-0.3.19-2.10.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libopenmpt_modplug1-0.3.19-2.10.1 SUSE Linux Enterprise Module for Desktop Applications 15:libmodplug-devel-0.3.19-2.10.1 SUSE Linux Enterprise Module for Desktop Applications 15:libmodplug1-0.3.19-2.10.1 SUSE Linux Enterprise Module for Desktop Applications 15:libopenmpt-devel-0.3.19-2.10.1 SUSE Linux Enterprise Module for Desktop Applications 15:libopenmpt0-0.3.19-2.10.1 SUSE Linux Enterprise Module for Desktop Applications 15:libopenmpt_modplug1-0.3.19-2.10.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20192622-1/ https://www.suse.com/security/cve/CVE-2019-17113.html CVE-2019-17113 https://bugzilla.suse.com/1153102 SUSE Bug 1153102