| Summary: | libsndfile new security issue CVE-2018-19662 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, geiger.david68210, sysadmin-bugs, tarazed25, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA7-64-OK | | |
| Source RPM: | libsndfile-1.0.28-10.mga8.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser
2020-04-28 19:35:31 CEST
David Walser
2020-04-28 19:35:40 CEST
Whiteboard: (none) => MGA7TOO

No registered maintainer nor obvious committer, so assigning this globally.

Assignee: bugsquad => pkg-bugs

Done for Cauldron and mga7! Also note that I used a single upstream patch that fixes #429 (CVE-2018-19661 and CVE-2018-19662) and fixes #344 (CVE-2017-17456 and CVE-2017-17457).

CC: (none) => geiger.david68210

That's very odd. We already fixed the 2017 CVEs. I don't understand how I missed the 19661 one when Ubuntu had an advisory for it in June.

Advisory:
========================

Updated libsndfile packages fix security vulnerabilities:

An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service (CVE-2018-19661).

An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service (CVE-2018-19662).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19662
========================

Updated packages in core/updates_testing:
========================
libsndfile1-1.0.28-8.2.mga7
libsndfile-devel-1.0.28-8.2.mga7
libsndfile-progs-1.0.28-8.2.mga7

from libsndfile-1.0.28-8.2.mga7.src.rpm

Version: Cauldron => 7

mga7, x86_64
CVE-2018-1966{1,2}
https://github.com/erikd/libsndfile/issues/429
$ tar tf poc.tar
global-buffer-overflow__i2alaw_array
$ sndfile-convert -alaw global-buffer-overflow__i2alaw_array out.raw
$ sndfile-convert -ulaw global-buffer-overflow__i2alaw_array out.raw
$ ll out*.raw
-rw-r--r-- 1 lcl lcl 24320 Apr 30 17:34 out2.raw
-rw-r--r-- 1 lcl lcl 24320 Apr 30 17:33 out.raw
Don't know what this tells us. The tests were intended to be run with asan.
valgrind gave the two commands a clean bill of health which could mean that the fix had already been applied.
Ran the updates.
$ sndfile-play ASuiteOfTheatreMusic.wav
pavucontrol reports ALSA Playback. It sounds fine.
$ sndfile-play CherryOhBaby.ogg
$ sndfile-metadata-get --str-artist CherryOhBaby.ogg
Artist : UB40
$ sndfile-play MatthewLocke.flac
Playing MatthewLocke.flac
$ sndfile-info MatthewLocke.flac
========================================
File : MatthewLocke.flac
Length : 37356262
FLAC Stream Metadata
Channels : 2
Sample rate : 44100
....
$ sndfile-convert LaGazzaLadra.flac LaGazzaLadra.aif
Playing LaGazzaLadra.aif
$ sndfile-convert TheElfKnight.paf TheElfKnight.aif
$ sndfile-play TheElfKnight.aif
Playing TheElfKnight.aif
$ sndfile-convert LongLankin.wav LongLankin.mat
$ sndfile-play LongLankin.mat
Playing LongLankin.mat
$ sndfile-convert LaDansereye-TielmanSusato.flac LaDanserye.snd
$ sndfile-play LaDanserye.snd
Playing LaDanserye.snd
No problems with any of this.

CC: (none) => tarazed25

Validating. Advisory in Comment 4.

Keywords: (none) => validated_update
Thomas Backlund
2020-05-05 12:15:18 CEST
CC: (none) => tmb

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2020-0197.html

Status: NEW => RESOLVED