Bug 21618

Assigning to all packagers collectively, since there is no registered maintainer for this package.

Assignee: bugsquad => pkg-bugs
CC: (none) => marja11

Uploaded patched packages for cauldron and mageia 6. The patch does not apply to 1.0.25 in mga5. Will look at it more over the weekend but it's looking like 5 will have to go without. I have the advisory ready and I'll finish this up next week one way or the other.

CC: (none) => mrambo
Assignee: pkg-bugs => mrambo

Patched package uploaded for cauldron, Mageia 6 and 5.

Advisory:
========================

Patched libsndfile package fixes security vulnerability:

It was discovered that a Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12562
https://bugzilla.redhat.com/show_bug.cgi?id=1483140
========================

Updated packages in core/updates_testing:
========================
lib64sndfile1-1.0.28-3.1.mga6
lib64sndfile-devel-1.0.28-3.1.mga6
lib64sndfile-static-devel-1.0.28-3.1.mga6
libsndfile-progs-1.0.28-3.1.mga6
lib64sndfile1-1.0.25-9.4.mga5
lib64sndfile-devel-1.0.25-9.4.mga5
lib64sndfile-static-devel-1.0.25-9.4.mga5
libsndfile-progs-1.0.25-9.4.mga5

from: 
libsndfile-1.0.28-3.1.mga6.src.rpm
libsndfile-1.0.25-9.4.mga5.src.rpm


Test procedure: https://bugs.mageia.org/show_bug.cgi?id=21138#c3)

Version: Cauldron => 6
Assignee: mrambo => qa-bugs
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO, has_procedure

MGA6-32 on Asus A6000VM MATE
no installation issues.
At CLI:
$ sndfile-play 01\ Welington\'s\ Sieg.wav
plays OK
$ sndfile-metadata-get 02\ Zapfenstreich.wav 
Description          : 
Originator           : 
Origination ref      : 
UMID                 : 
Origination date     : 
Origination time     : 
Coding history       : 
Name                 : Zapfenstreich
Copyright            : 
Artist               : Beethoven
Comment              : 
Create date          : 
Album                : 
License              : 
is OK as this a file created from a Philips cassette.
$ sndfile-play 02\ Zapfenstreich.wav 
plays OK
$ sndfile-info 01\ Welington\'s\ Sieg.wav 
========================================
File : 01 Welington's Sieg.wav
Length : 149110744
RIFF : 149110736
WAVE
fmt  : 16
  Format        : 0x1 => WAVE_FORMAT_PCM
  Channels      : 2
  Sample Rate   : 44100
  Block Align   : 4
  Bit Width     : 16
  Bytes/sec     : 176400
LIST : 48
  INFO
    INAM : Wellington's Sieg
    IART : Beethoven
data : 149110644
End

----------------------------------------
Sample Rate : 44100
Frames      : 37277661
Channels    : 2
Format      : 0x00010002
Sections    : 1
Seekable    : TRUE
Duration    : 00:14:05.298
Signal Max  : 32754 (-0.00 dB)
$ sndfile-convert 02\ Zapfenstreich.wav Zapf.mp3
[tester6@mach6 Muziek]$ ls -als
totaal 229580
     4 drwxr-xr-x  2 tester6 tester6      4096 sep 13 15:48 ./
     4 drwxr-x--- 30 tester6 tester6      4096 sep 13 15:01 ../
145616 -rw-r--r--  1 tester6 tester6 149110744 jun  4  2014 '01 Welington'\''s Sieg.wav'
 33584 -rw-r--r--  1 tester6 tester6  34387256 jun  4  2014 '02 Zapfenstreich.wav'
 50372 -rw-r--r--  1 tester6 tester6  51580836 sep 13 15:48 Zapf.mp3
same remark as Len in bug 21138 Comment 4

$ sndfile-info Zapf.mp3 
========================================
File : Zapf.mp3
Length : 51580836
RIFF : 51580828
WAVE
fmt  : 16
  Format        : 0x1 => WAVE_FORMAT_PCM
  Channels      : 2
  Sample Rate   : 44100
  Block Align   : 6
  Bit Width     : 24
  Bytes/sec     : 264600
LIST : 44
  INFO
    INAM : Zapfenstreich
    IART : Beethoven
data : 51580740
End

----------------------------------------
Sample Rate : 44100
Frames      : 8596790
Channels    : 2
Format      : 0x00010003
Sections    : 1
Seekable    : TRUE
Duration    : 00:03:14.939
Signal Max  : 8.38016e+06 (-0.01 dB)

Nothing broken so OK for me.

CC: (none) => herman.viaene
Whiteboard: MGA5TOO, has_procedure => MGA5TOO, has_procedure MGA6-32-OK

Advisory from Comment 3. Moved 'has_procedure' from Whiteboard to Keywords.

Whiteboard: MGA5TOO, has_procedure MGA6-32-OK => MGA5TOO MGA6-32-OK
Keywords: (none) => advisory, has_procedure
CC: (none) => lewyssmith

In VirtualBox, M6, Mate, 64-bit

Package(s) under test:
lib64sndfile1 libsndfile-progs lib64sndfile-devel lib64sndfile-static-devel

default install of lib64sndfile1 libsndfile-progs lib64sndfile-devel &
lib64sndfile-static-devel

[root@localhost wilcal]# urpmi lib64sndfile1
Package lib64sndfile1-1.0.28-3.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi libsndfile-progs
Package libsndfile-progs-1.0.28-3.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64sndfile-devel
Package lib64sndfile-devel-1.0.28-3.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64sndfile-static-devel
Package lib64sndfile-static-devel-1.0.28-3.mga6.x86_64 is already installed

sndfile-play star_wars.wav ( Plays properly )

sndfile-info star_wars.wav
========================================
File : star_wars.wav
Length : 35118800
RIFF : 35118792
WAVE
fmt  : 16
  Format        : 0x1 => WAVE_FORMAT_PCM
  Channels      : 2
  Sample Rate   : 88200
  Block Align   : 6
  Bit Width     : 24
  Bytes/sec     : 529200
*** sav1 : 42 (unknown marker)
*** sav2 : 4 (unknown marker)
bext : 642
*** pad  : 1284 (unknown marker)
data : 35116752
End

----------------------------------------
Sample Rate : 88200
Frames      : 5852792
Channels    : 2
Format      : 0x00010003
Sections    : 1
Seekable    : TRUE
Duration    : 00:01:06.358
Signal Max  : 8.325e+06 (-0.07 dB)

sndfile-convert star_wars.wav star_wars.mp3 ( Converts and plays properly )

sndfile-info star_wars.mp3
========================================
File : star_wars.mp3
Length : 35117494
RIFF : 35117486
WAVE
fmt  : 16
  Format        : 0x1 => WAVE_FORMAT_PCM
  Channels      : 2
  Sample Rate   : 88200
  Block Align   : 6
  Bit Width     : 24
  Bytes/sec     : 529200
bext : 690
data : 35116752
End

----------------------------------------
Sample Rate : 88200
Frames      : 5852792
Channels    : 2
Format      : 0x00010003
Sections    : 1
Seekable    : TRUE
Duration    : 00:01:06.358
Signal Max  : 8.325e+06 (-0.07 dB)


install lib64sndfile1 libsndfile-progs lib64sndfile-devel &
lib64sndfile-static-devel from updates_testing

[root@localhost wilcal]# urpmi lib64sndfile1
Package lib64sndfile1-1.0.28-3.1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi libsndfile-progs
Package libsndfile-progs-1.0.28-3.1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64sndfile-devel
Package lib64sndfile-devel-1.0.28-3.1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64sndfile-static-devel
Package lib64sndfile-static-devel-1.0.28-3.1.mga6.x86_64 is already installed

sndfile-play star_wars.wav  ( Plays properly )

[wilcal@localhost sndfile]$ sndfile-info star_wars.wav
========================================
File : star_wars.wav
Length : 35118800
RIFF : 35118792
WAVE
fmt  : 16
  Format        : 0x1 => WAVE_FORMAT_PCM
  Channels      : 2
  Sample Rate   : 88200
  Block Align   : 6
  Bit Width     : 24
  Bytes/sec     : 529200
*** sav1 : 42 (unknown marker)
*** sav2 : 4 (unknown marker)
bext : 642
*** pad  : 1284 (unknown marker)
data : 35116752
End

----------------------------------------
Sample Rate : 88200
Frames      : 5852792
Channels    : 2
Format      : 0x00010003
Sections    : 1
Seekable    : TRUE
Duration    : 00:01:06.358
Signal Max  : 8.325e+06 (-0.07 dB)

sndfile-convert star_wars.wav star_wars_1.mp3 ( Converts and plays properly )

sndfile]$ sndfile-info star_wars_1.mp3
========================================
File : star_wars.mp3
Length : 35117494
RIFF : 35117486
WAVE
fmt  : 16
  Format        : 0x1 => WAVE_FORMAT_PCM
  Channels      : 2
  Sample Rate   : 88200
  Block Align   : 6
  Bit Width     : 24
  Bytes/sec     : 529200
bext : 690
data : 35116752
End

----------------------------------------
Sample Rate : 88200
Frames      : 5852792
Channels    : 2
Format      : 0x00010003
Sections    : 1
Seekable    : TRUE
Duration    : 00:01:06.358
Signal Max  : 8.325e+06 (-0.07 dB)

CC: (none) => wilcal.int

In VirtualBox, M5.1, KDE, 32-bit

Package(s) under test:
libsndfile1 libsndfile-progs libsndfile-devel libsndfile-static-devel

default install of libsndfile1 libsndfile-progs libsndfile-devel &
libsndfile-static-devel

[root@localhost wilcal]# urpmi libsndfile1
Package libsndfile1-1.0.25-9.3.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libsndfile-progs
Package libsndfile-progs-1.0.25-9.3.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libsndfile-devel
Package libsndfile-devel-1.0.25-9.3.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libsndfile-static-devel
Package libsndfile-static-devel-1.0.25-9.3.mga5.i586 is already installed

sndfile-play star_wars.wav ( Plays properly )

sndfile-info star_wars.wav

Version : libsndfile-1.0.25

========================================
File : star_wars.wav
Length : 35118800
RIFF : 35118792
WAVE
fmt  : 16
  Format        : 0x1 => WAVE_FORMAT_PCM
  Channels      : 2
  Sample Rate   : 88200
  Block Align   : 6
  Bit Width     : 24
  Bytes/sec     : 529200
*** sav1 : 42 (unknown marker)
*** sav2 : 4 (unknown marker)
bext : 642
*** pad  : 1284 (unknown marker)
data : 35116752
End

----------------------------------------
Sample Rate : 88200
Frames      : 5852792
Channels    : 2
Format      : 0x00010003
Sections    : 1
Seekable    : TRUE
Duration    : 00:01:06.358
Signal Max  : 8.325e+06 (-0.07 dB)

sndfile-convert star_wars.wav star_wars.mp3 ( Converts and plays properly )

sndfile-info star_wars.mp3

Version : libsndfile-1.0.25

========================================
File : star_wars.mp3
Length : 35117494
RIFF : 35117486
WAVE
fmt  : 16
  Format        : 0x1 => WAVE_FORMAT_PCM
  Channels      : 2
  Sample Rate   : 88200
  Block Align   : 6
  Bit Width     : 24
  Bytes/sec     : 529200
bext : 690
data : 35116752
End

----------------------------------------
Sample Rate : 88200
Frames      : 5852792
Channels    : 2
Format      : 0x00010003
Sections    : 1
Seekable    : TRUE
Duration    : 00:01:06.358
Signal Max  : 8.325e+06 (-0.07 dB)

install libsndfile1 libsndfile-progs libsndfile-devel &
libsndfile-static-devel from updates_testing

[root@localhost wilcal]# urpmi libsndfile1
Package libsndfile1-1.0.25-9.4.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libsndfile-progs
Package libsndfile-progs-1.0.25-9.4.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libsndfile-devel
Package libsndfile-devel-1.0.25-9.4.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libsndfile-static-devel
Package libsndfile-static-devel-1.0.25-9.4.mga5.i586 is already installed


sndfile-play star_wars.wav ( Plays properly )

sndfile-info star_wars.wav

Version : libsndfile-1.0.25

========================================
File : star_wars.wav
Length : 35118800
RIFF : 35118792
WAVE
fmt  : 16
  Format        : 0x1 => WAVE_FORMAT_PCM
  Channels      : 2
  Sample Rate   : 88200
  Block Align   : 6
  Bit Width     : 24
  Bytes/sec     : 529200
*** sav1 : 42 (unknown marker)
*** sav2 : 4 (unknown marker)
bext : 642
*** pad  : 1284 (unknown marker)
data : 35116752
End

----------------------------------------
Sample Rate : 88200
Frames      : 5852792                                                                                             
Channels    : 2                                                                                                   
Format      : 0x00010003                                                                                          
Sections    : 1                                                                                                   
Seekable    : TRUE                                                                                                
Duration    : 00:01:06.358
Signal Max  : 8.325e+06 (-0.07 dB)

sndfile-convert star_wars.wav star_wars_1.mp3 ( Converts and plays properly )

sndfile]$ sndfile-info star_wars_1.mp3

Version : libsndfile-1.0.25

========================================
File : star_wars_1.mp3
Length : 35117494
RIFF : 35117486
WAVE
fmt  : 16
  Format        : 0x1 => WAVE_FORMAT_PCM
  Channels      : 2
  Sample Rate   : 88200
  Block Align   : 6
  Bit Width     : 24
  Bytes/sec     : 529200
bext : 690
data : 35116752
End

----------------------------------------
Sample Rate : 88200
Frames      : 5852792
Channels    : 2
Format      : 0x00010003
Sections    : 1
Seekable    : TRUE
Duration    : 00:01:06.358
Signal Max  : 8.325e+06 (-0.07 dB)

In VirtualBox, M5.1, KDE, 64-bit

Package(s) under test:
lib64sndfile1 libsndfile-progs lib64sndfile-devel lib64sndfile-static-devel

default install of lib64sndfile1 libsndfile-progs lib64sndfile-devel &
lib64sndfile-static-devel

[root@localhost wilcal]# urpmi lib64sndfile1
Package lib64sndfile1-1.0.25-9.3.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi libsndfile-progs
Package libsndfile-progs-1.0.25-9.3.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64sndfile-devel
Package lib64sndfile-devel-1.0.25-9.3.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64sndfile-static-devel
Package lib64sndfile-static-devel-1.0.25-9.3.mga5.x86_64 is already installed

sndfile-play star_wars.wav ( Plays properly )

sndfile-info star_wars.wav

Version : libsndfile-1.0.25

========================================
File : star_wars.wav
Length : 35118800
RIFF : 35118792
WAVE
fmt  : 16
  Format        : 0x1 => WAVE_FORMAT_PCM
  Channels      : 2
  Sample Rate   : 88200
  Block Align   : 6
  Bit Width     : 24
  Bytes/sec     : 529200
*** sav1 : 42 (unknown marker)
*** sav2 : 4 (unknown marker)
bext : 642
*** pad  : 1284 (unknown marker)
data : 35116752
End

----------------------------------------
Sample Rate : 88200
Frames      : 5852792
Channels    : 2
Format      : 0x00010003
Sections    : 1
Seekable    : TRUE
Duration    : 00:01:06.358
Signal Max  : 8.325e+06 (-0.07 dB)

sndfile-convert star_wars.wav star_wars.mp3 ( Converts and plays properly )

sndfile-info star_wars.mp3

Version : libsndfile-1.0.25

========================================
File : star_wars.mp3
Length : 35117494
RIFF : 35117486
WAVE
fmt  : 16
  Format        : 0x1 => WAVE_FORMAT_PCM
  Channels      : 2
  Sample Rate   : 88200
  Block Align   : 6
  Bit Width     : 24
  Bytes/sec     : 529200
bext : 690
data : 35116752
End

----------------------------------------
Sample Rate : 88200
Frames      : 5852792
Channels    : 2
Format      : 0x00010003
Sections    : 1
Seekable    : TRUE
Duration    : 00:01:06.358
Signal Max  : 8.325e+06 (-0.07 dB)


install lib64sndfile1 libsndfile-progs lib64sndfile-devel &
lib64sndfile-static-devel from updates_testing

[root@localhost wilcal]# urpmi lib64sndfile1
Package lib64sndfile1-1.0.25-9.4.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi libsndfile-progs
Package libsndfile-progs-1.0.25-9.4.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64sndfile-devel
Package lib64sndfile-devel-1.0.25-9.4.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64sndfile-static-devel
Package lib64sndfile-static-devel-1.0.25-9.4.mga5.x86_64 is already installed

sndfile-play star_wars.wav  ( Plays properly )

sndfile-info star_wars.wav

Version : libsndfile-1.0.25

========================================
File : star_wars.wav
Length : 35118800
RIFF : 35118792
WAVE
fmt  : 16
  Format        : 0x1 => WAVE_FORMAT_PCM
  Channels      : 2
  Sample Rate   : 88200
  Block Align   : 6
  Bit Width     : 24
  Bytes/sec     : 529200
*** sav1 : 42 (unknown marker)
*** sav2 : 4 (unknown marker)
bext : 642
*** pad  : 1284 (unknown marker)
data : 35116752
End

----------------------------------------
Sample Rate : 88200
Frames      : 5852792
Channels    : 2
Format      : 0x00010003
Sections    : 1
Seekable    : TRUE
Duration    : 00:01:06.358
Signal Max  : 8.325e+06 (-0.07 dB)

sndfile-convert star_wars.wav star_wars_1.mp3 ( Converts and plays properly )

sndfile]$ sndfile-info star_wars_1.mp3

Version : libsndfile-1.0.25

========================================
File : star_wars_1.mp3
Length : 35117494
RIFF : 35117486
WAVE
fmt  : 16
  Format        : 0x1 => WAVE_FORMAT_PCM
  Channels      : 2
  Sample Rate   : 88200
  Block Align   : 6
  Bit Width     : 24
  Bytes/sec     : 529200
bext : 690
data : 35116752
End

----------------------------------------
Sample Rate : 88200
Frames      : 5852792
Channels    : 2
Format      : 0x00010003
Sections    : 1
Seekable    : TRUE
Duration    : 00:01:06.358
Signal Max  : 8.325e+06 (-0.07 dB)

This update works fine.
Testing complete for MGA5, 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push to updates.
Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0338.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED