Bug 21692 - mpg123 new security issue CVE-2017-12797
Summary: mpg123 new security issue CVE-2017-12797
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA5TOO MGA5-32-OK MGA6-64-OK MGA6-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2017-09-11 20:41 CEST by David Walser
Modified: 2017-09-16 10:25 CEST

See Also:
Source RPM: mpg123-1.25.4-1.mga6.src.rpm
CVE:
Status comment:



Description David Walser 2017-09-11 20:41:02 CEST
openSUSE has issued an advisory today (September 11):
https://lists.opensuse.org/opensuse-updates/2017-09/msg00044.html

1.25.6 fixes a couple of additional issues, so we should update to that.

Mageia 5 and Mageia 6 are also affected.
Comment 1 David Walser 2017-09-11 20:41:14 CEST
https://www.mpg123.de/cgi-bin/news.cgi

Whiteboard: (none) => MGA6TOO, MGA5TOO

Comment 2 Marja Van Waes 2017-09-13 11:48:28 CEST
Assigning to the registered maintainer.

Assignee: bugsquad => lists.jjorge
CC: (none) => marja11

Comment 3 José Jorge 2017-09-13 19:19:51 CEST
I will do that now.

CC: (none) => lists.jjorge
Status: NEW => ASSIGNED

Comment 4 José Jorge 2017-09-13 21:40:40 CEST
Update ready to test.

Suggested Advisory:

mpg123 version 1.25.6 fixes two buffer overflows and several other non-security bugs.

Single RPM:
mpg123-1.25.6

Assignee: lists.jjorge => qa-bugs

Comment 5 José Jorge 2017-09-13 21:42:14 CEST
Removed Cauldron as it is fixed.

Version: Cauldron => 6
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO

Comment 6 Herman Viaene 2017-09-14 10:46:58 CEST
MGA5-32 on Asus A6000VM Xfce
No installation issues.
Taking procedure in Comment 4 as example, at CLI:
$ mpg123 kant1.mp3 
High Performance MPEG 1.0/2.0/2.5 Audio Player for Layers 1, 2 and 3
	version 1.25.6; written and copyright by Michael Hipp and others
	free software (LGPL) without any warranty but with best wishes


Terminal control enabled, press 'h' for listing of keys and functions.

Playing MPEG stream 1 of 1: kant1.mp3 ...

MPEG 1.0 L III cbr128 44100 stereo

Title:   kant 1                                                Artist: Beethoven                                            
Album:   Wellington's Victory

[17:21] Decoding of kant1.mp3 finished.
plays OK
$ mpg123 http://download.linnrecords.com/test/mp3/recit.aspx
High Performance MPEG 1.0/2.0/2.5 Audio Player for Layers 1, 2 and 3
	version 1.25.6; written and copyright by Michael Hipp and others
	free software (LGPL) without any warranty but with best wishes

Directory: http://download.linnrecords.com/test/mp3/

Terminal control enabled, press 'h' for listing of keys and functions.

Playing MPEG stream 1 of 1: recit.aspx ...

MPEG 1.0 L III cbr320 44100 j-s

[0:09] Decoding of recit.aspx finished.
also OK
$ mpginfo kant2.mp3 
Skipped -2 zeroes at start of file
mpgtx: AT EOF - please stop me!
mmm, this file does not start with a pack, offset: -2 
use the desperate_mode switch as the first option -X to search for a header in the whole file!
if you want to force the operation. May yield to an endless loop if no valid header is found!
Does not even begin with a 00 00 01 xx sequence!

No success at all.
kant2.mp3
  Audio : Mpeg 1 layer 3
  Estimated Duration: 17:00.92s
  128 kbps  44100 Hz
  Frame size: 417 bytes
  Stereo,  No emphasis,  original
  ID3 v2.4.0 tag (more info on http://www.id3.org/)
     ----------------
     ----------------
This mp3 has been converted by Audacity from a WAV file which was a capture from a Philips cassette; it plays OK on any player I tried before. So this info seems OK to me.

Whiteboard: MGA5TOO => MGA5TOO MGA5-32-OK
CC: (none) => herman.viaene

Comment 7 Len Lawrence 2017-09-14 13:37:48 CEST
Testing on mga6:x86_64.

Installed from updates testing.
$ mpg123 PadstowMaySong.mp3
........
MPEG 1.0 L III cbr128 44100 stereo

keypress <h>
 -= terminal control keys =-
[s] or [ ]	interrupt/restart playback (i.e. '(un)pause')
[f]	next track
[d]	previous track
[]]	next directory (next track until directory part changes)
[[]	previous directory (previous track until directory part changes)
[b]	back to beginning of track
[p]	loop around current position (don't combine with output buffer)
[
...................

$ mpg123 DoffingMistress.mp3
Tried some of the keyboard controls.  Only s worked, to pause and resume.
$ mpg123 -@ Handel-concerti-mp3.m3u
<f> worked for next track

$ mpg123 -w TielmanSusato.wav LaDansereye-TielmanSusato.mp3
This generated a WAV file which played fine.
$ ls -l TielmanSusato.wav
-rw-r--r-- 1 lcl lcl 79160876 Sep 14 12:21 TielmanSusato.wav
This compares very well with an original raw WAV file.
$ ls -l LaDansereye-TielmanSusato.wav
-rw-r--r-- 1 lcl lcl 79163660 Mar 11  2014 LaDansereye-TielmanSusato.wav

This looks good for 64-bits.

CC: (none) => tarazed25

Len Lawrence 2017-09-14 13:38:02 CEST

Whiteboard: MGA5TOO MGA5-32-OK => MGA5TOO MGA5-32-OK MGA6-64-OK

Comment 8 Herman Viaene 2017-09-14 14:13:22 CEST
MGA6-32 on Asus A6000VM MATE
No installation issues
Repeated same tests as per Comment 6 with same results, so OK for me.

Whiteboard: MGA5TOO MGA5-32-OK MGA6-64-OK => MGA5TOO MGA5-32-OK MGA6-64-OK MGA6-32-OK

Comment 9 Lewis Smith 2017-09-14 21:02:45 CEST
Advisory made from title, comments 0, 1, 4.
Thanks testers for rapid testing. Validating as it has 3/4 OKs.

Keywords: (none) => advisory, validated_update
CC: (none) => lewyssmith, sysadmin-bugs

Comment 10 Mageia Robot 2017-09-16 10:25:49 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0341.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

