Security Information / 2016 / Security Information -- DSA-3735-1 game-music-emu

Debian Security Advisory

DSA-3735-1 game-music-emu -- security update

Date Reported:

15 Dec 2016

Affected Packages:

game-music-emu

Vulnerable:

Yes

Security database references:

No other external database security references currently available.

More information:

Chris Evans discovered that incorrect emulation of the SPC700 audio co-processor of the Super Nintendo Entertainment System allows the execution of arbitrary code if a malformed SPC music file is opened. Further information can be found at http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html

For the stable distribution (jessie), this problem has been fixed in version 0.5.5-2+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 0.6.0-4.

We recommend that you upgrade your game-music-emu packages.