Red Hat Bugzilla – Bug 159291
CAN-2003-0427 mikmod flaw
Last modified: 2007-11-30 17:11:07 EST
+++ This bug was initially created as a clone of Bug #159290 +++
Back in June 2003, the Debian package owner for mikmod found a security flaw.
Unfortunately it doesn't look like this got shared with vendors (I see nothing
in vendor-sec archives), and we didn't update for this minor flaw.
An attacker could create a malicious archive and if you can convince a victim to
open that archive using mikmod you could overflow a buffer and execute code.
Fix from Gentoo CVS:
This issue affects FC4 (as of FC4-re0530.1) and FC3
Has this update made it into FC4?
Update for FC4 is done (ID's 405).