| Summary: | mp3gain new security issues CVE-2017-1440[6-9] and CVE-2017-1441[0-2] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | brtians1, herman.viaene, mageia, mhrambo3501, smelror, sysadmin-bugs, tarazed25, tmb |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6-32-OK MGA6-64-OK | ||
| Source RPM: | mp3gain-1.5.2-8.mga6.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2017-09-14 11:58:38 CEST
David Walser
2017-09-14 11:58:45 CEST
Whiteboard: (none) => MGA6TOO, MGA5TOO

No fixes, so no update for Mageia 5.

Whiteboard: MGA6TOO, MGA5TOO => MGA6TOO

rgain is a python package (https://pypi.python.org/pypi/rgain).
Since mp3gain is hard to fix and we move to rgain, this should be assigned to python maintainers.

CC: (none) => mageia

David Walser
2018-02-02 18:18:04 CET
Status comment: (none) => Probably won't be fixed, package should be dropped/replaced

(In reply to Marc Krämer from comment #2)
> rgain is a python package (https://pypi.python.org/pypi/rgain).
> Since mp3gain is hard to fix and we move to rgain, this should be assigned
> to python maintainers.

Looks like rgain isn't getting any TLC either.
https://bitbucket.org/fk/rgain/issues/26/wanted-new-maintainer

Cheers,
Stig

CC: (none) => smelror

Updated packages uploaded for cauldron and Mageia 6.

Advisory:
========================

Updated mp3gain package fixes security vulnerabilities:

A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service (CVE-2017-14406).

A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service (CVE-2017-14407).

A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service (CVE-2017-14408).

A buffer overflow was discovered in III_dequantize_sample in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution (CVE-2017-14409).

A buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service (CVE-2017-14410).

A stack-based buffer overflow was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution (CVE-2017-14411).

An invalid memory write was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service (segmentation fault and application crash) or possibly unspecified other impact (CVE-2017-14412).

Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-10777).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14412
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10777
https://sourceforge.net/p/mp3gain/bugs/40/
https://sourceforge.net/p/mp3gain/bugs/41/
https://sourceforge.net/p/mp3gain/bugs/43/
========================

Updated packages in core/updates_testing:
========================
mp3gain-1.6.2-1.mga6

from mp3gain-1.6.2-1.mga6.src.rpm

Version: Cauldron => 6

MGA6-32 MATE on IBM Thinkpad R50e
No installation issues
Created two mp3 files from wav's using audacity. The wav's come from an old Philips audio cassette.
At CLI
$ mp3gain -x 01\ Welington\'s\ Sieg.mp3
01 Welington's Sieg.mp3
Recommended "Track" dB change: -0.650000
Recommended "Track" mp3 gain change: 0
WARNING: some clipping may occur with this gain change!
Max PCM sample at current gain: 32819.066763
Max mp3 global gain field: 210
Min mp3 global gain field: 144
Recommended "Album" dB change for all files: -1.430000
Recommended "Album" mp3 gain change for all files: -1
and
$ mp3gain -x 02\ Zapfenstreich.mp3
02 Zapfenstreich.mp3
Recommended "Track" dB change: -3.970000
Recommended "Track" mp3 gain change: -3
Max PCM sample at current gain: 32481.402828
Max mp3 global gain field: 210
Min mp3 global gain field: 147
Recommended "Album" dB change for all files: -1.430000
Recommended "Album" mp3 gain change for all files: -1
and
$ mp3gain -r 01\ Welington\'s\ Sieg.mp3 02\ Zapfenstreich.mp3
01 Welington's Sieg.mp3
No changes to 01 Welington's Sieg.mp3 are necessary
02 Zapfenstreich.mp3
Applying mp3 gain change of -3 to 02 Zapfenstreich.mp3...
Played mp3's again then, but could not really tell if there was a noticeable change. At least it didn't spoil anything.

Whiteboard: (none) => MGA6-32-OK

For what it is worth I AM following up the PoCs for 64-bits.

CC: (none) => tarazed25

In the light of what has been already said, e.g. http://openwall.com/lists/oss-security/2017/09/14/9, it does not look worthwhile to follow up the PoCs.
Just repeating Herman's tests for 64-bits.

Before update:
$ mp3gain LaProcession.mp3
LaProcession.mp3
Recommended "Track" dB change: -4.060000
Recommended "Track" mp3 gain change: -3
Max PCM sample at current gain: 28658.739531
Max mp3 global gain field: 210
Min mp3 global gain field: 84
Recommended "Album" dB change for all files: -4.060000
Recommended "Album" mp3 gain change for all files: -3

Clean update.
$ mp3gain -x LaProcession.mp3
LaProcession.mp3
Recommended "Track" dB change: -4.060000
Recommended "Track" mp3 gain change: -3
Max PCM sample at current gain: 28657.854365
Max mp3 global gain field: 210
Min mp3 global gain field: 84
Recommended "Album" dB change for all files: -4.060000
Recommended "Album" mp3 gain change for all files: -3
which is almost the same.
$ mp3gain -r LaProcession.mp3 ElBarberilloDoLavaples.mp3
LaProcession.mp3
Applying mp3 gain change of -3 to LaProcession.mp3...
ElBarberilloDoLavaples.mp3
Applying mp3 gain change of -1 to ElBarberilloDoLavaples.mp3...
Played those two tracks in mplayer and they sounded fine.
OK for 64-bits.

$ uname -a
Linux localhost 4.14.56-desktop-1.mga6 #1 SMP Mon Jul 16 19:36:06 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
The following package is going to be installed:
- mp3gain-1.6.2-1.mga6.x86_64
40KB of disk space will be freed.
51KB of packages will be retrieved.
$ mp3gain -v
mp3gain version 1.6.2
$ mp3gain begin.mp3 begin_louder.mp3
begin.mp3
Delaying a frame in decoding with old libmpg123.
Recommended "Track" dB change: -2.580000
Recommended "Track" mp3 gain change: -2
Max PCM sample at current gain: 33657.394531
Max mp3 global gain field: 255
Min mp3 global gain field: 129
begin_louder.mp3
Can't open begin_louder.mp3 for reading
Recommended "Album" dB change for all files: -2.580000
Recommended "Album" mp3 gain change for all files: -2
seemed to work and handled the error well
Next I cranked up the mp3 a bunch
$ mp3gain -g 7 begin.mp3 begin_louder.mp3
Applying gain change of 7 to begin.mp3...
done
Applying gain change of 7 to begin_louder.mp3...
Can't open begin_louder.mp3 for modifying
----
Oh yeah that's much louder
Working as designed.

Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK

Len Lawrence
2018-07-29 09:24:36 CEST
Keywords: (none) => validated_update

Thomas Backlund
2018-08-10 15:24:29 CEST
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0326.html

Resolution: (none) => FIXED

This update also fixed CVE-2017-12911:
https://lists.opensuse.org/opensuse-updates/2020-04/msg00085.html