Bug 22378 - libvorbis new security issues CVE-2017-14632 and CVE-2017-14633
Summary: libvorbis new security issues CVE-2017-14632 and CVE-2017-14633
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA5-64-OK
Keywords: advisory, validated_update
Depends on: 22370
Blocks:
  Show dependency treegraph
 
Reported: 2018-01-12 15:15 CET by David Walser
Modified: 2018-01-14 17:55 CET (History)
1 user (show)

See Also:
Source RPM: libvorbis-1.3.5-1.mga5.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2018-01-12 15:15:13 CET
+++ This bug was initially created as a clone of Bug #22370 +++

openSUSE has issued an advisory on January 9:
https://lists.opensuse.org/opensuse-updates/2018-01/msg00015.html

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in info.c
when vi->channels<=0, a similar issue to Mozilla bug 550184 (CVE-2017-14632).

In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists
in the function mapping0_forward() in mapping0.c, which may lead to DoS when
operating on a crafted audio file with vorbis_analysis() (CVE-2017-14633).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633
https://lists.opensuse.org/opensuse-updates/2018-01/msg00015.html
========================

Updated packages in core/updates_testing:
========================
libvorbis0-1.3.5-1.1.mga5
libvorbis-devel-1.3.5-1.1.mga5
libvorbisenc2-1.3.5-1.1.mga5
libvorbisfile3-1.3.5-1.1.mga5

from libvorbis-1.3.5-1.1.mga5.src.rpm
Comment 1 David Walser 2018-01-13 20:19:31 CET
Tested by using sox to re-encode an mp3 file to ogg vorbis and playing it with mplayer.  Confirmed with strace and lsof that both used the updated libraries.

Whiteboard: (none) => MGA5-64-OK

Comment 2 Lewis Smith 2018-01-14 17:06:08 CET
Impressive. Thanks David for a lightening OK. Advisoried, validating.

CC: (none) => sysadmin-bugs
Keywords: (none) => advisory, validated_update

Comment 3 Mageia Robot 2018-01-14 17:55:11 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0084.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.