Bug 5297

Summary: taglib new security issues CVE-2012-1108 and CVE-2012-1584
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: Normal
CC: davidwhodgins, sysadmin-bugs, tmb
Version: 1
Keywords: validated_update
Target Milestone: ---
Hardware: i586
OS: Linux
Whiteboard:
Source RPM: taglib-1.6.3-2.mga1.src.rpm
CVE:
Status comment:

Description David Walser 2012-04-09 02:55:28 CEST
Patched package uploaded.

Advisory:
========================

Updated taglib packages fix security vulnerabilities:

When parsing an Ogg file, a specially crafted Ogg file with control
over the "vendorLength" field could cause a string allocation with
that size.  Control over the "commentFields", which is the number of
times that "commentLength" is read, would allocate a string of size
"commandLength", which could cause an application linked to taglib to
crash (CVE-2012-1108).

Taglib suffers from an integer overflow flaw when parsing file header
fields.  A file with a crafted header could cause a large allocation
and crash the application (CVE-2012-1584).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1584
https://bugzilla.redhat.com/show_bug.cgi?id=800559
https://bugzilla.redhat.com/show_bug.cgi?id=810009
========================

Updated packages in core/updates_testing:
========================
libtaglib1-1.6.3-2.1.mga1
libtaglib_c0-1.6.3-2.1.mga1
libtaglib-devel-1.6.3-2.1.mga1

from taglib-1.6.3-2.1.mga1.src.rpm
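
The length validation that the advisory above calls for, as an added example (not TagLib's code or its actual patch): a minimal Vorbis comment block parser that checks "vendorLength", "commentFields" and "commentLength" against the bytes actually remaining before any string is allocated. The struct, the function names and the sample bytes are constructed for illustration, and Ogg page framing is assumed to be already stripped.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

struct VorbisComments { std::string vendor; std::vector<std::string> fields; };
using Bytes = std::vector<uint8_t>;

// Read a 32-bit little-endian value; pos <= d.size() always holds, so the subtraction never wraps.
static bool readLE32(const Bytes& d, size_t& pos, uint32_t& out) {
    if (d.size() - pos < 4) return false;
    out = uint32_t(d[pos]) | uint32_t(d[pos + 1]) << 8 | uint32_t(d[pos + 2]) << 16 | uint32_t(d[pos + 3]) << 24;
    pos += 4;
    return true;
}

// Copy `len` bytes only if they are present; comparing with the remainder avoids a pos + len overflow.
static bool readString(const Bytes& d, size_t& pos, uint32_t len, std::string& out) {
    if (len > d.size() - pos) return false;
    out.assign(d.begin() + pos, d.begin() + pos + len);
    pos += len;
    return true;
}

// Returns false on any inconsistent length; `vc` may be partly filled in that case.
bool parseComments(const Bytes& d, VorbisComments& vc) {
    size_t pos = 0;
    uint32_t vendorLength = 0, commentFields = 0;
    if (!readLE32(d, pos, vendorLength) || !readString(d, pos, vendorLength, vc.vendor)) return false;
    if (!readLE32(d, pos, commentFields)) return false;
    // Every field carries a 4-byte length prefix, which bounds the field count.
    if (commentFields > (d.size() - pos) / 4) return false;
    for (uint32_t i = 0; i < commentFields; ++i) {
        uint32_t commentLength = 0;
        std::string field;
        if (!readLE32(d, pos, commentLength) || !readString(d, pos, commentLength, field)) return false;
        vc.fields.push_back(field);
    }
    return true;
}

// Constructed sample: declared lengths are parameters, the payload is fixed ("ab", "T=x").
Bytes sample(uint32_t vendorLength, uint32_t commentFields, uint32_t commentLength) {
    Bytes d;
    auto le32 = [&d](uint32_t v) { for (int i = 0; i < 4; ++i) d.push_back(uint8_t(v >> (8 * i))); };
    le32(vendorLength); d.push_back('a'); d.push_back('b');
    le32(commentFields); le32(commentLength);
    d.push_back('T'); d.push_back('='); d.push_back('x');
    return d;
}
```

Calling `parseComments(sample(2, 1, 3), vc)` accepts the well-formed block, while any declared length larger than the data left in the buffer is rejected before memory is requested.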

Comment 1 Dave Hodgins 2012-04-10 22:29:09 CEST
Testing complete on i586 for the srpm
taglib-1.6.3-2.1.mga1.src.rpm

Tested using parole and amarok with an ogg file.

CC: (none) => davidwhodgins

Comment 2 Manuel Hiebel 2012-04-11 02:44:22 CEST
Testing with rhythmbox on x86_64


Suggested Advisory:
-------------
Updated taglib packages fix security vulnerabilities:

When parsing an Ogg file, a specially crafted Ogg file with control
over the "vendorLength" field could cause a string allocation with
that size.  Control over the "commentFields", which is the number of
times that "commentLength" is read, would allocate a string of size
"commandLength", which could cause an application linked to taglib to
crash (CVE-2012-1108).

Taglib suffers from an integer overflow flaw when parsing file header
fields.  A file with a crafted header could cause a large allocation
and crash the application (CVE-2012-1584).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1584
https://bugzilla.redhat.com/show_bug.cgi?id=800559
https://bugzilla.redhat.com/show_bug.cgi?id=810009

https://bugs.mageia.org/show_bug.cgi?id=5297
-------------

SRPM: taglib-1.6.3-2.1.mga1.src.rpm

Could sysadmin please push from core/updates_testing to core/updates

Thank you!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 3 Thomas Backlund 2012-04-11 22:12:33 CEST
Update pushed

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED