Bug 23823

Summary: soundtouch new security issues CVE-2018-1709[6-8]
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: geiger.david68210, herman.viaene, lewyssmith, marja11, mhrambo3501, smelror, sysadmin-bugs
Version: 6Keywords: advisory, has_procedure, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6-32-OK
Source RPM: soundtouch-2.1.0-1.mga7.src.rpm CVE:
Status comment:

Description David Walser 2018-11-08 18:46:03 CET 
SUSE has issued an advisory on November 2:
http://lists.suse.com/pipermail/sle-security-updates/2018-November/004822.html

Mageia 6 is also affected.
David Walser 2018-11-08 18:46:38 CET

CC: (none) => mrambo
Whiteboard: (none) => MGA6TOO

Comment 1 Marja Van Waes 2018-11-08 23:02:58 CET 
Assigning to all packagers collectively, since there is no registered maintainer for this package.

CC: (none) => geiger.david68210, marja11, smelror
Assignee: bugsquad => pkg-bugs

Comment 2 David Walser 2018-11-15 00:27:25 CET 
openSUSE has issued an advisory for this on November 10:
https://lists.opensuse.org/opensuse-updates/2018-11/msg00030.html
Comment 3 Mike Rambo 2018-11-15 15:57:58 CET 
Updated cauldron to latest 2.1.1 release. Attempted to patch the Mageia 6 package but the patches did not apply to the mga6 code base so it too was updated to 2.1.1.


Advisory:
========================

Updated soundtouch package fixes security vulnerabilities:

Assertion failure in BPMDetect class in BPMDetect.cpp (CVE-2018-17096).
Out-of-bounds heap write in WavOutFile::write() (CVE-2018-17097).
Heap corruption in WavFileBase class in WavFile.cpp (CVE-2018-17098).


References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-17096
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-17097
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-17098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17098
========================

Updated packages in core/updates_testing:
========================
lib64soundtouch1-2.1.1-1.mga6
lib64soundtouch-devel-2.1.1-1.mga6
soundtouch-2.1.1-1.mga6

from soundtouch-2.1.1-1.mga6.src.rpm


Test procedure
https://bugs.mageia.org/show_bug.cgi?id=23323#c4
https://bugs.mageia.org/show_bug.cgi?id=23500#c5

Version: Cauldron => 6
Assignee: pkg-bugs => qa-bugs
Keywords: (none) => has_procedure
Whiteboard: MGA6TOO => (none)

Comment 4 Herman Viaene 2018-11-19 14:36:56 CET 
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues.
At CLI:
$ soundstretch -license
Displays the software licence.$ soundstretch 02Zapfenstreich.wav out.2 -tempo=+20 -pitch=-10

   SoundStretch v2.1.1 -  Copyright (c) Olli Parviainen
=========================================================
author e-mail: <oparviai@iki.fi> - WWW: http://www.surina.net/soundtouch

This program is subject to (L)GPL license. Run "soundstretch -license" for
more information.

Uses 32bit floating point sample type in processing.

Processing the file with the following changes:
  tempo change = +20 %
  pitch change = -10 semitones
  rate change  = +0 %

Working...Done!
$ aplay out.2 
Playing WAVE 'out.2' : Signed 16 bit Little Endian, Rate 44100 Hz, Stereo
Sounds awfull, but that's what I asked for.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA6-32-OK

Comment 5 Lewis Smith 2018-11-19 20:48:42 CET 
Thank you Herman. Validating.
Advisory from comment 3.

Keywords: (none) => advisory, validated_update
CC: (none) => lewyssmith, sysadmin-bugs

Comment 6 Mageia Robot 2018-11-20 12:12:27 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0462.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED