Bug 29298

Summary: libsndfile new security issue CVE-2021-3246
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: andrewsfarm, mageia, sysadmin-bugs, tarazed25
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: libsndfile-1.0.31-1.mga8.src.rpm CVE:
Status comment:

Description David Walser 2021-07-29 23:31:44 CEST 
Ubuntu has issued an advisory today (July 29):
https://ubuntu.com/security/notices/USN-5025-1

Mageia 8 is also affected.
David Walser 2021-07-29 23:32:51 CEST

Status comment: (none) => Patches available from Ubuntu and upstream
CC: (none) => geiger.david68210
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2021-07-30 20:23:45 CEST 
This is a homeless SRPM, but DavidG (already CC'd) is its main recent committer; so changing the CC to assignment.

Assignee: bugsquad => geiger.david68210
CC: geiger.david68210 => (none)

Comment 2 Nicolas Lécureuil 2021-07-31 17:08:49 CEST 
Fixed in mga8/9

src:
    - libsndfile-1.0.31-1.1.mga8

Whiteboard: MGA8TOO => (none)
Status comment: Patches available from Ubuntu and upstream => (none)
Version: Cauldron => 8
CC: (none) => mageia
Assignee: geiger.david68210 => qa-bugs

Comment 3 David Walser 2021-07-31 17:19:10 CEST 
libsndfile1-1.0.31-1.1.mga8
libsndfile-progs-1.0.31-1.1.mga8
libsndfile-devel-1.0.31-1.1.mga8

from libsndfile-1.0.31-1.1.mga8.src.rpm
Comment 4 Len Lawrence 2021-07-31 17:50:37 CEST 
mga8, x64

CVE-2021-3246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3246
Heap buffer overflow in in msadpcm_decode_block
https://github.com/libsndfile/libsndfile/issues/687
$ sndfile-info --cart sndfile_heap_overflow
double free or corruption (out)
Aborted (core dumped)

Update packages not available.  Better wait until mirrors sync.

CC: (none) => tarazed25

Comment 5 Len Lawrence 2021-08-01 08:58:14 CEST 
Updated the packages.
Ran the PoC.
$ sndfile-info --cart sndfile_heap_overflow
Error : Not able to open input file sndfile_heap_overflow.
Unspecified internal error.

Handled better - no core dump.

Tested the utilities.
sndfile-play worked for a variety of formats.
sndfile-convert generated AIFF and SND files from a WAV file.
$ sndfile-metadata-get --str-artist CherryOhBaby.ogg
Artist                 : UB40
$ sndfile-info Semiramis.wav
========================================
File : Semiramis.wav
Length : 82362380
RIFF : 82362372
WAVE
........
$ sndfile-deinterleave BoarsHead.wav
Input file : BoarsHead
Output files :
    BoarsHead_00.wav
    BoarsHead_01.wav

Applications like speech-dispatcher are purported to need libsndfile but running strace on both the speech-dispatcher daemon and espeak failed to provide any evidence of that.  The utility tests shall have to suffice.

Whiteboard: (none) => MGA8-64-OK

Comment 6 Thomas Andrews 2021-08-06 02:59:59 CEST 
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2021-08-06 10:52:41 CEST

Keywords: (none) => advisory

Comment 7 Mageia Robot 2021-08-06 11:35:16 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0392.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED