CVEs were requested for a divide-by-zero and buffer overread in libsndfile:
http://openwall.com/lists/oss-security/2014/12/24/3
http://openwall.com/lists/oss-security/2014/12/25/2

The first request got no response. A CVE was allocated for the buffer overread(s):
http://openwall.com/lists/oss-security/2015/01/04/4

I've added the upstream patches for both issues in Mageia 4 and Cauldron.

Advisory:
========================

Updated libsndfile packages fix security vulnerabilities:

libsndfile contains multiple buffer-overflow vulnerabilities in src/sd2.c because it fails to properly bounds-check user supplied input, which may allow an attacker to execute arbitrary code or cause a denial of service (CVE-2014-9496).

libsndfile contains a divide-by-zero error in src/file_io.c which may allow an attacker to cause a denial of service.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9496
http://openwall.com/lists/oss-security/2014/12/24/3
http://openwall.com/lists/oss-security/2015/01/04/4
http://www.securityfocus.com/bid/71796
========================

Updated packages in core/updates_testing:
========================
libsndfile1-1.0.25-3.1.mga4
libsndfile-devel-1.0.25-3.1.mga4
libsndfile-static-devel-1.0.25-3.1.mga4
libsndfile-progs-1.0.25-3.1.mga4

from libsndfile-1.0.25-3.1.mga4.src.rpm

Reproducible:

Steps to Reproduce:
It looks like the affected code is in reading SD2 (Sound Designer II) files and writing AIFF files, so perhaps using sox or audacity (which use libsndfile) to convert an SD2 file to an AIFF can test the affected code paths. I don't know where you'd get an SD2 file though. It sounds like it was an old format used on Macs in the past. I did use sox to convert a WAV file to an aiff and that worked just fine (Mageia 4 i586).
MGA4-64 on HP Probook 6555b KDE. No installation issues.

At CLI:
strace -o libsnd sox Rimsky.wav Rimsky.aiff
produces an aiff file that plays in audacity. File libsnd shows that libsndfile.so.1 is called.
Whiteboard: (none) => MGA4-64-OK
CC: (none) => herman.viaene
MGA4-32 on AcerD620 Xfce. Same test and result as Comment 2.
Whiteboard: MGA4-64-OK => MGA4-64-OK MGA4-32-OK
Validating. Advisory uploaded. Please push to 4 updates. Thanks.
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: MGA4-64-OK MGA4-32-OK => has_procedure advisory MGA4-64-OK MGA4-32-OK
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2015-0015.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/628834/
(In reply to David Walser from comment #0)
> CVEs were requested for a divide-by-zero and buffer overread in libsndfile:
> http://openwall.com/lists/oss-security/2014/12/24/3
>
> The first request got no response.

Almost a year later, it was assigned CVE-2014-9756:
http://openwall.com/lists/oss-security/2015/11/03/9

Updated advisory below. Could we update it in SVN?

Advisory:
========================

Updated libsndfile packages fix security vulnerabilities:

libsndfile contains multiple buffer-overflow vulnerabilities in src/sd2.c because it fails to properly bounds-check user supplied input, which may allow an attacker to execute arbitrary code or cause a denial of service (CVE-2014-9496).

libsndfile contains a divide-by-zero error in src/file_io.c which may allow an attacker to cause a denial of service (CVE-2014-9756).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9756
http://openwall.com/lists/oss-security/2015/01/04/4
http://openwall.com/lists/oss-security/2015/11/03/9
http://www.securityfocus.com/bid/71796
Summary: libsndfile new security issue CVE-2014-9496 => libsndfile new security issues CVE-2014-9496 and CVE-2014-9756
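As an added illustration (not code from libsndfile, from src/sd2.c or src/file_io.c, or from anyone in this bug), the following constructed C header parser shows the two bug classes the advisory names, a length field read from the file that is used without a bounds check and a header field used as a divisor without a zero check, together with the defensive checks that close them. The file layout, the field names and the sample headers are all hypothetical.

```c
/* Constructed example for the two bug classes in the advisory.
 * This is NOT libsndfile's code; the layout below is invented:
 *   byte 0        : name length (attacker-controlled)
 *   bytes 1..n    : name
 *   next 4 bytes  : data_bytes  (big-endian)
 *   next 4 bytes  : frame_bytes (big-endian)
 *
 * The unchecked pattern the advisory describes looks, in sketch form, like:
 *     memcpy(h->name, buf + 1, buf[0]);     -- no check that buf[0] fits name[]
 *     h->frames = data_bytes / frame_bytes; -- no check that frame_bytes != 0
 * The parser below adds both checks and rejects malformed input instead.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NAME_MAX_LEN 32

typedef struct {
    char     name[NAME_MAX_LEN];
    uint32_t data_bytes;
    uint32_t frame_bytes;
    uint32_t frames;   /* derived: data_bytes / frame_bytes */
} hdr_t;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse a header from buf[0..len). Returns 0 on success, -1 if the input
 * is malformed (too short, oversized name, or zero frame size). */
int parse_header_safe(const uint8_t *buf, size_t len, hdr_t *out) {
    if (len < 1)
        return -1;
    size_t name_len = buf[0];                 /* untrusted length field */

    /* Bounds checks (the missing piece in the CVE-2014-9496 class):
     * the name must fit the fixed buffer with room for the NUL, and the
     * whole record must lie inside the bytes we actually have. */
    if (name_len >= NAME_MAX_LEN)
        return -1;
    if (len < 1 + name_len + 8)
        return -1;

    memcpy(out->name, buf + 1, name_len);
    out->name[name_len] = '\0';
    out->data_bytes  = be32(buf + 1 + name_len);
    out->frame_bytes = be32(buf + 1 + name_len + 4);

    /* Divide-by-zero guard (the CVE-2014-9756 class): a zero frame size
     * is malformed input, not a divisor. */
    if (out->frame_bytes == 0)
        return -1;
    out->frames = out->data_bytes / out->frame_bytes;
    return 0;
}

/* Constructed sample headers (not real SD2/AIFF data). */
const uint8_t HDR_OK[]        = {4,'t','e','s','t', 0,0,4,0, 0,0,0,4};
const uint8_t HDR_LONGNAME[]  = {0xFF,'t','e','s','t', 0,0,4,0, 0,0,0,4};
const uint8_t HDR_ZEROFRAME[] = {4,'t','e','s','t', 0,0,4,0, 0,0,0,0};

int main(void) {
    struct { const char *label; const uint8_t *buf; size_t len; } cases[] = {
        { "well-formed",            HDR_OK,        sizeof HDR_OK },
        { "oversized name length",  HDR_LONGNAME,  sizeof HDR_LONGNAME },
        { "zero frame size",        HDR_ZEROFRAME, sizeof HDR_ZEROFRAME },
        { "truncated record",       HDR_OK,        10 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        hdr_t h;
        int rc = parse_header_safe(cases[i].buf, cases[i].len, &h);
        if (rc == 0)
            printf("%-24s accepted: name=%s frames=%u\n",
                   cases[i].label, h.name, h.frames);
        else
            printf("%-24s rejected\n", cases[i].label);
    }
    return 0;
}
```

The well-formed header yields 1024 data bytes at 4 bytes per frame, so 256 frames; the other three constructed inputs are refused before any copy or division happens, which is the behaviour a hardened parser should show on fuzzed or hostile files.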