Bug 22378

Summary: libvorbis new security issues CVE-2017-14632 and CVE-2017-14633
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: sysadmin-bugs
Version: 5Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA5-64-OK
Source RPM: libvorbis-1.3.5-1.mga5.src.rpm CVE:
Status comment:
Bug Depends on: 22370    
Bug Blocks:    

Description David Walser 2018-01-12 15:15:13 CET 
+++ This bug was initially created as a clone of Bug #22370 +++

openSUSE has issued an advisory on January 9:
https://lists.opensuse.org/opensuse-updates/2018-01/msg00015.html

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in info.c
when vi->channels<=0, a similar issue to Mozilla bug 550184 (CVE-2017-14632).

In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists
in the function mapping0_forward() in mapping0.c, which may lead to DoS when
operating on a crafted audio file with vorbis_analysis() (CVE-2017-14633).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633
https://lists.opensuse.org/opensuse-updates/2018-01/msg00015.html
========================

Updated packages in core/updates_testing:
========================
libvorbis0-1.3.5-1.1.mga5
libvorbis-devel-1.3.5-1.1.mga5
libvorbisenc2-1.3.5-1.1.mga5
libvorbisfile3-1.3.5-1.1.mga5

from libvorbis-1.3.5-1.1.mga5.src.rpm
Comment 1 David Walser 2018-01-13 20:19:31 CET 
Tested by using sox to re-encode an mp3 file to ogg vorbis and playing it with mplayer.  Confirmed with strace and lsof that both used the updated libraries.

Whiteboard: (none) => MGA5-64-OK

Comment 2 Lewis Smith 2018-01-14 17:06:08 CET 
Impressive. Thanks David for a lightening OK. Advisoried, validating.

Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs

Comment 3 Mageia Robot 2018-01-14 17:55:11 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0084.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED