14 DAY TRIAL // Security researcher Chris Evans has reported recently on yet another vulnerability in the Game Music Emulator (game-music-emu) package that's installed or found in the repositories of various popular GNU/Linux distributions.
For those not aware, Game Music Emulator is a collection of video game music file emulators designed to playback a large number of formats and systems, including SPC (Super Nintendo/Super Famicom), where the problem was discovered by Chris Evans, which could allow an attacker to execute arbitrary code via a maliciously crafted file.
According to Chris Evans, it appears that Game Music Emulator incorrectly emulated the SPC700 audio co-processor of the Super Nintendo Entertainment System (popularly known as SNES). However, the issue was patched just hours after the security researcher reported the security vulnerability.
"Chris Evans discovered that incorrect emulation of the SPC700 audio co-processor of the Super Nintendo Entertainment System allows the execution of arbitrary code if a malformed SPC music file is opened," reads Debian Security Advisory DSA-3735-1. For more information you should read the lengthy report on Chris Evans' blog.
It landed in Ubuntu and Debian repositories
As of December 15, 2016, Game Music Emulator 0.6.1 is available and fully patched against the security flaw mentioned above. It also looks like the Debian and Ubuntu developers have updated the game-music-emu packages for Debian GNU/Linux 8 "Jessie", Debian Sid, Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, 16.10, and 17.04.
The patched game-music-emu version might also be available in the software repositories of other GNU/Linux distributions, so you're urged to update your system(s) immediately. We always recommend that you keep your PCs up to date at all times to avoid these type of security compromises or issues.
