Fedora has issued an advisory today (August 26): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XUKP45SVA2Y2C4Z437VC2E3SVAXGPIQM/ Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Assignee: bugsquad => pkg-bugs
CC: (none) => marja11
Uploaded patched packages for cauldron and mageia 6. The patch does not apply to 1.0.25 in mga5. Will look at it more over the weekend but it's looking like 5 will have to go without. I have the advisory ready and I'll finish this up next week one way or the other.
CC: (none) => mrambo
Assignee: pkg-bugs => mrambo
Patched package uploaded for cauldron, Mageia 6 and 5.

Advisory:
========================

Patched libsndfile package fixes security vulnerability:

It was discovered that a Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12562
https://bugzilla.redhat.com/show_bug.cgi?id=1483140
========================

Updated packages in core/updates_testing:
========================
lib64sndfile1-1.0.28-3.1.mga6
lib64sndfile-devel-1.0.28-3.1.mga6
lib64sndfile-static-devel-1.0.28-3.1.mga6
libsndfile-progs-1.0.28-3.1.mga6
lib64sndfile1-1.0.25-9.4.mga5
lib64sndfile-devel-1.0.25-9.4.mga5
lib64sndfile-static-devel-1.0.25-9.4.mga5
libsndfile-progs-1.0.25-9.4.mga5

from:
libsndfile-1.0.28-3.1.mga6.src.rpm
libsndfile-1.0.25-9.4.mga5.src.rpm

Test procedure: https://bugs.mageia.org/show_bug.cgi?id=21138#c3
Version: Cauldron => 6
Assignee: mrambo => qa-bugs
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO, has_procedure
MGA6-32 on Asus A6000VM MATE
no installation issues.
At CLI:
$ sndfile-play 01\ Welington\'s\ Sieg.wav
plays OK
$ sndfile-metadata-get 02\ Zapfenstreich.wav
Description :
Originator :
Origination ref :
UMID :
Origination date :
Origination time :
Coding history :
Name : Zapfenstreich
Copyright :
Artist : Beethoven
Comment :
Create date :
Album :
License :
is OK as this is a file created from a Philips cassette.
$ sndfile-play 02\ Zapfenstreich.wav
plays OK
$ sndfile-info 01\ Welington\'s\ Sieg.wav
========================================
File : 01 Welington's Sieg.wav
Length : 149110744
RIFF : 149110736
WAVE
fmt : 16
  Format : 0x1 => WAVE_FORMAT_PCM
  Channels : 2
  Sample Rate : 44100
  Block Align : 4
  Bit Width : 16
  Bytes/sec : 176400
LIST : 48
  INFO
    INAM : Wellington's Sieg
    IART : Beethoven
data : 149110644
End
----------------------------------------
Sample Rate : 44100
Frames : 37277661
Channels : 2
Format : 0x00010002
Sections : 1
Seekable : TRUE
Duration : 00:14:05.298
Signal Max : 32754 (-0.00 dB)
$ sndfile-convert 02\ Zapfenstreich.wav Zapf.mp3
[tester6@mach6 Muziek]$ ls -als
totaal 229580
4 drwxr-xr-x 2 tester6 tester6 4096 sep 13 15:48 ./
4 drwxr-x--- 30 tester6 tester6 4096 sep 13 15:01 ../
145616 -rw-r--r-- 1 tester6 tester6 149110744 jun 4 2014 '01 Welington'\''s Sieg.wav'
33584 -rw-r--r-- 1 tester6 tester6 34387256 jun 4 2014 '02 Zapfenstreich.wav'
50372 -rw-r--r-- 1 tester6 tester6 51580836 sep 13 15:48 Zapf.mp3
same remark as Len in bug 21138 Comment 4
$ sndfile-info Zapf.mp3
========================================
File : Zapf.mp3
Length : 51580836
RIFF : 51580828
WAVE
fmt : 16
  Format : 0x1 => WAVE_FORMAT_PCM
  Channels : 2
  Sample Rate : 44100
  Block Align : 6
  Bit Width : 24
  Bytes/sec : 264600
LIST : 44
  INFO
    INAM : Zapfenstreich
    IART : Beethoven
data : 51580740
End
----------------------------------------
Sample Rate : 44100
Frames : 8596790
Channels : 2
Format : 0x00010003
Sections : 1
Seekable : TRUE
Duration : 00:03:14.939
Signal Max : 8.38016e+06 (-0.01 dB)
Nothing broken so OK for me.
CC: (none) => herman.viaene
Whiteboard: MGA5TOO, has_procedure => MGA5TOO, has_procedure MGA6-32-OK
Advisory from Comment 3. Moved 'has_procedure' from Whiteboard to Keywords.
Whiteboard: MGA5TOO, has_procedure MGA6-32-OK => MGA5TOO MGA6-32-OK
Keywords: (none) => advisory, has_procedure
CC: (none) => lewyssmith
In VirtualBox, M6, Mate, 64-bit

Package(s) under test:
lib64sndfile1 libsndfile-progs lib64sndfile-devel lib64sndfile-static-devel

default install of lib64sndfile1 libsndfile-progs lib64sndfile-devel & lib64sndfile-static-devel

[root@localhost wilcal]# urpmi lib64sndfile1
Package lib64sndfile1-1.0.28-3.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi libsndfile-progs
Package libsndfile-progs-1.0.28-3.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64sndfile-devel
Package lib64sndfile-devel-1.0.28-3.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64sndfile-static-devel
Package lib64sndfile-static-devel-1.0.28-3.mga6.x86_64 is already installed

sndfile-play star_wars.wav
( Plays properly )
sndfile-info star_wars.wav
========================================
File : star_wars.wav
Length : 35118800
RIFF : 35118792
WAVE
fmt : 16
  Format : 0x1 => WAVE_FORMAT_PCM
  Channels : 2
  Sample Rate : 88200
  Block Align : 6
  Bit Width : 24
  Bytes/sec : 529200
*** sav1 : 42 (unknown marker)
*** sav2 : 4 (unknown marker)
bext : 642
*** pad : 1284 (unknown marker)
data : 35116752
End
----------------------------------------
Sample Rate : 88200
Frames : 5852792
Channels : 2
Format : 0x00010003
Sections : 1
Seekable : TRUE
Duration : 00:01:06.358
Signal Max : 8.325e+06 (-0.07 dB)

sndfile-convert star_wars.wav star_wars.mp3
( Converts and plays properly )
sndfile-info star_wars.mp3
========================================
File : star_wars.mp3
Length : 35117494
RIFF : 35117486
WAVE
fmt : 16
  Format : 0x1 => WAVE_FORMAT_PCM
  Channels : 2
  Sample Rate : 88200
  Block Align : 6
  Bit Width : 24
  Bytes/sec : 529200
bext : 690
data : 35116752
End
----------------------------------------
Sample Rate : 88200
Frames : 5852792
Channels : 2
Format : 0x00010003
Sections : 1
Seekable : TRUE
Duration : 00:01:06.358
Signal Max : 8.325e+06 (-0.07 dB)

install lib64sndfile1 libsndfile-progs lib64sndfile-devel & lib64sndfile-static-devel from updates_testing

[root@localhost wilcal]# urpmi lib64sndfile1
Package lib64sndfile1-1.0.28-3.1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi libsndfile-progs
Package libsndfile-progs-1.0.28-3.1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64sndfile-devel
Package lib64sndfile-devel-1.0.28-3.1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64sndfile-static-devel
Package lib64sndfile-static-devel-1.0.28-3.1.mga6.x86_64 is already installed

sndfile-play star_wars.wav
( Plays properly )
[wilcal@localhost sndfile]$ sndfile-info star_wars.wav
========================================
File : star_wars.wav
Length : 35118800
RIFF : 35118792
WAVE
fmt : 16
  Format : 0x1 => WAVE_FORMAT_PCM
  Channels : 2
  Sample Rate : 88200
  Block Align : 6
  Bit Width : 24
  Bytes/sec : 529200
*** sav1 : 42 (unknown marker)
*** sav2 : 4 (unknown marker)
bext : 642
*** pad : 1284 (unknown marker)
data : 35116752
End
----------------------------------------
Sample Rate : 88200
Frames : 5852792
Channels : 2
Format : 0x00010003
Sections : 1
Seekable : TRUE
Duration : 00:01:06.358
Signal Max : 8.325e+06 (-0.07 dB)

sndfile-convert star_wars.wav star_wars_1.mp3
( Converts and plays properly )
sndfile]$ sndfile-info star_wars_1.mp3
========================================
File : star_wars.mp3
Length : 35117494
RIFF : 35117486
WAVE
fmt : 16
  Format : 0x1 => WAVE_FORMAT_PCM
  Channels : 2
  Sample Rate : 88200
  Block Align : 6
  Bit Width : 24
  Bytes/sec : 529200
bext : 690
data : 35116752
End
----------------------------------------
Sample Rate : 88200
Frames : 5852792
Channels : 2
Format : 0x00010003
Sections : 1
Seekable : TRUE
Duration : 00:01:06.358
Signal Max : 8.325e+06 (-0.07 dB)
CC: (none) => wilcal.int
Whiteboard: MGA5TOO MGA6-32-OK => MGA5TOO MGA6-32-OK MGA6-64-OK
In VirtualBox, M5.1, KDE, 32-bit

Package(s) under test:
libsndfile1 libsndfile-progs libsndfile-devel libsndfile-static-devel

default install of libsndfile1 libsndfile-progs libsndfile-devel & libsndfile-static-devel

[root@localhost wilcal]# urpmi libsndfile1
Package libsndfile1-1.0.25-9.3.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libsndfile-progs
Package libsndfile-progs-1.0.25-9.3.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libsndfile-devel
Package libsndfile-devel-1.0.25-9.3.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libsndfile-static-devel
Package libsndfile-static-devel-1.0.25-9.3.mga5.i586 is already installed

sndfile-play star_wars.wav
( Plays properly )
sndfile-info star_wars.wav
Version : libsndfile-1.0.25
========================================
File : star_wars.wav
Length : 35118800
RIFF : 35118792
WAVE
fmt : 16
  Format : 0x1 => WAVE_FORMAT_PCM
  Channels : 2
  Sample Rate : 88200
  Block Align : 6
  Bit Width : 24
  Bytes/sec : 529200
*** sav1 : 42 (unknown marker)
*** sav2 : 4 (unknown marker)
bext : 642
*** pad : 1284 (unknown marker)
data : 35116752
End
----------------------------------------
Sample Rate : 88200
Frames : 5852792
Channels : 2
Format : 0x00010003
Sections : 1
Seekable : TRUE
Duration : 00:01:06.358
Signal Max : 8.325e+06 (-0.07 dB)

sndfile-convert star_wars.wav star_wars.mp3
( Converts and plays properly )
sndfile-info star_wars.mp3
Version : libsndfile-1.0.25
========================================
File : star_wars.mp3
Length : 35117494
RIFF : 35117486
WAVE
fmt : 16
  Format : 0x1 => WAVE_FORMAT_PCM
  Channels : 2
  Sample Rate : 88200
  Block Align : 6
  Bit Width : 24
  Bytes/sec : 529200
bext : 690
data : 35116752
End
----------------------------------------
Sample Rate : 88200
Frames : 5852792
Channels : 2
Format : 0x00010003
Sections : 1
Seekable : TRUE
Duration : 00:01:06.358
Signal Max : 8.325e+06 (-0.07 dB)

install libsndfile1 libsndfile-progs libsndfile-devel & libsndfile-static-devel from updates_testing

[root@localhost wilcal]# urpmi libsndfile1
Package libsndfile1-1.0.25-9.4.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libsndfile-progs
Package libsndfile-progs-1.0.25-9.4.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libsndfile-devel
Package libsndfile-devel-1.0.25-9.4.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libsndfile-static-devel
Package libsndfile-static-devel-1.0.25-9.4.mga5.i586 is already installed

sndfile-play star_wars.wav
( Plays properly )
sndfile-info star_wars.wav
Version : libsndfile-1.0.25
========================================
File : star_wars.wav
Length : 35118800
RIFF : 35118792
WAVE
fmt : 16
  Format : 0x1 => WAVE_FORMAT_PCM
  Channels : 2
  Sample Rate : 88200
  Block Align : 6
  Bit Width : 24
  Bytes/sec : 529200
*** sav1 : 42 (unknown marker)
*** sav2 : 4 (unknown marker)
bext : 642
*** pad : 1284 (unknown marker)
data : 35116752
End
----------------------------------------
Sample Rate : 88200
Frames : 5852792
Channels : 2
Format : 0x00010003
Sections : 1
Seekable : TRUE
Duration : 00:01:06.358
Signal Max : 8.325e+06 (-0.07 dB)

sndfile-convert star_wars.wav star_wars_1.mp3
( Converts and plays properly )
sndfile]$ sndfile-info star_wars_1.mp3
Version : libsndfile-1.0.25
========================================
File : star_wars_1.mp3
Length : 35117494
RIFF : 35117486
WAVE
fmt : 16
  Format : 0x1 => WAVE_FORMAT_PCM
  Channels : 2
  Sample Rate : 88200
  Block Align : 6
  Bit Width : 24
  Bytes/sec : 529200
bext : 690
data : 35116752
End
----------------------------------------
Sample Rate : 88200
Frames : 5852792
Channels : 2
Format : 0x00010003
Sections : 1
Seekable : TRUE
Duration : 00:01:06.358
Signal Max : 8.325e+06 (-0.07 dB)
Whiteboard: MGA5TOO MGA6-32-OK MGA6-64-OK => MGA5TOO MGA5-32-OK MGA6-32-OK MGA6-64-OK
In VirtualBox, M5.1, KDE, 64-bit

Package(s) under test:
lib64sndfile1 libsndfile-progs lib64sndfile-devel lib64sndfile-static-devel

default install of lib64sndfile1 libsndfile-progs lib64sndfile-devel & lib64sndfile-static-devel

[root@localhost wilcal]# urpmi lib64sndfile1
Package lib64sndfile1-1.0.25-9.3.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi libsndfile-progs
Package libsndfile-progs-1.0.25-9.3.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64sndfile-devel
Package lib64sndfile-devel-1.0.25-9.3.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64sndfile-static-devel
Package lib64sndfile-static-devel-1.0.25-9.3.mga5.x86_64 is already installed

sndfile-play star_wars.wav
( Plays properly )
sndfile-info star_wars.wav
Version : libsndfile-1.0.25
========================================
File : star_wars.wav
Length : 35118800
RIFF : 35118792
WAVE
fmt : 16
  Format : 0x1 => WAVE_FORMAT_PCM
  Channels : 2
  Sample Rate : 88200
  Block Align : 6
  Bit Width : 24
  Bytes/sec : 529200
*** sav1 : 42 (unknown marker)
*** sav2 : 4 (unknown marker)
bext : 642
*** pad : 1284 (unknown marker)
data : 35116752
End
----------------------------------------
Sample Rate : 88200
Frames : 5852792
Channels : 2
Format : 0x00010003
Sections : 1
Seekable : TRUE
Duration : 00:01:06.358
Signal Max : 8.325e+06 (-0.07 dB)

sndfile-convert star_wars.wav star_wars.mp3
( Converts and plays properly )
sndfile-info star_wars.mp3
Version : libsndfile-1.0.25
========================================
File : star_wars.mp3
Length : 35117494
RIFF : 35117486
WAVE
fmt : 16
  Format : 0x1 => WAVE_FORMAT_PCM
  Channels : 2
  Sample Rate : 88200
  Block Align : 6
  Bit Width : 24
  Bytes/sec : 529200
bext : 690
data : 35116752
End
----------------------------------------
Sample Rate : 88200
Frames : 5852792
Channels : 2
Format : 0x00010003
Sections : 1
Seekable : TRUE
Duration : 00:01:06.358
Signal Max : 8.325e+06 (-0.07 dB)

install lib64sndfile1 libsndfile-progs lib64sndfile-devel & lib64sndfile-static-devel from updates_testing

[root@localhost wilcal]# urpmi lib64sndfile1
Package lib64sndfile1-1.0.25-9.4.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi libsndfile-progs
Package libsndfile-progs-1.0.25-9.4.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64sndfile-devel
Package lib64sndfile-devel-1.0.25-9.4.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64sndfile-static-devel
Package lib64sndfile-static-devel-1.0.25-9.4.mga5.x86_64 is already installed

sndfile-play star_wars.wav
( Plays properly )
sndfile-info star_wars.wav
Version : libsndfile-1.0.25
========================================
File : star_wars.wav
Length : 35118800
RIFF : 35118792
WAVE
fmt : 16
  Format : 0x1 => WAVE_FORMAT_PCM
  Channels : 2
  Sample Rate : 88200
  Block Align : 6
  Bit Width : 24
  Bytes/sec : 529200
*** sav1 : 42 (unknown marker)
*** sav2 : 4 (unknown marker)
bext : 642
*** pad : 1284 (unknown marker)
data : 35116752
End
----------------------------------------
Sample Rate : 88200
Frames : 5852792
Channels : 2
Format : 0x00010003
Sections : 1
Seekable : TRUE
Duration : 00:01:06.358
Signal Max : 8.325e+06 (-0.07 dB)

sndfile-convert star_wars.wav star_wars_1.mp3
( Converts and plays properly )
sndfile]$ sndfile-info star_wars_1.mp3
Version : libsndfile-1.0.25
========================================
File : star_wars_1.mp3
Length : 35117494
RIFF : 35117486
WAVE
fmt : 16
  Format : 0x1 => WAVE_FORMAT_PCM
  Channels : 2
  Sample Rate : 88200
  Block Align : 6
  Bit Width : 24
  Bytes/sec : 529200
bext : 690
data : 35116752
End
----------------------------------------
Sample Rate : 88200
Frames : 5852792
Channels : 2
Format : 0x00010003
Sections : 1
Seekable : TRUE
Duration : 00:01:06.358
Signal Max : 8.325e+06 (-0.07 dB)
Whiteboard: MGA5TOO MGA5-32-OK MGA6-32-OK MGA6-64-OK => MGA5TOO MGA5-32-OK MGA5-64-OK MGA6-32-OK MGA6-64-OK
This update works fine.
Testing complete for MGA5, 32-bit & 64-bit.
Validating the update.
Could someone from the sysadmin team push to updates.
Thanks
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0338.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED