Fedora has issued an advisory on July 16:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DBNLS5JI6AFPGYDJHBRYWMSVRPRNVQCN/

Mageia 6 is also affected (Mageia 5 may be as well).
Whiteboard: (none) => MGA6TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11, smelror
(In reply to Marja Van Waes from comment #1)
> Assigning to all packagers collectively, since there is no registered
> maintainer for this package.

now really assigning :-[
Assignee: bugsquad => pkg-bugs
Patched package uploaded for cauldron and Mageia 6.

Advisory:
========================

Updated soundtouch package fixes security vulnerabilities:

The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file (CVE-2017-9258).

The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file (CVE-2017-9259).

The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file (CVE-2017-9260).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9259
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9260
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DBNLS5JI6AFPGYDJHBRYWMSVRPRNVQCN/
========================

Updated packages in core/updates_testing:
========================
lib64soundtouch1-1.9.2-2.1.mga6
lib64soundtouch-devel-1.9.2-2.1.mga6
soundtouch-1.9.2-2.1.mga6

from soundtouch-1.9.2-2.1.mga6.src.rpm
Version: Cauldron => 6
Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA6TOO => (none)
CC: (none) => mrambo
Mageia 6, x86_64

PoCs at http://seclists.org/fulldisclosure/2017/Jul/62
Analyzed using ASAN - not an option for us.

CVE-2017-9258
Before:
$ soundstretch SoundTouch_1.9.2_memory_allocation_error.wav out
[...]
Segmentation fault (core dumped)

CVE-2017-9259
Before:
$ soundstretch SoundTouch_1.9.2_infinite_loop.wav out
[...]
Working...
<Hung forever with one core running 100%.>
$ ll out
-rw-r--r-- 1 lcl lcl 56 Jul 31 16:28 out

CVE-2017-9260
Before:
$ soundstretch SoundTouch_1.9.2_heap_buffer_overflow.wav out
[...]
Working...Segmentation fault (core dumped)

$ soundstretch Corries.wav out.1 -tempo=-50 -pitch=+8
SoundStretch v1.9.2 - Written by Olli Parviainen 2001 - 2015
==================================================================
author e-mail: <oparviai@iki.fi> - WWW: http://www.surina.net/soundtouch
This program is subject to (L)GPL license. Run "soundstretch -license" for more information.
Uses 32bit floating point sample type in processing.
Processing the file with the following changes:
tempo change = -50 %
pitch change = +8 semitones
rate change = +0 %
Working...Done!
$ aplay out.1
It definitely worked - terrible thing to do to the Corries though.

Updated from testing.

PoC tests, afterwards:
$ soundstretch SoundTouch_1.9.2_memory_allocation_error.wav out
[...]
Error: Excessive samplerate
$ soundstretch SoundTouch_1.9.2_infinite_loop.wav out
[...]
Error: Excessive samplerate
$ soundstretch SoundTouch_1.9.2_heap_buffer_overflow.wav out
[...]
Error: Excessive samplerate

That validates the patches.

$ soundstretch -license
Displays the software licence.

$ soundstretch LammasTide.wav out.2 -tempo=+10 -pitch=-2
SoundStretch v1.9.2 - Written by Olli Parviainen 2001 - 2015
==================================================================
author e-mail: <oparviai@iki.fi> - WWW: http://www.surina.net/soundtouch
This program is subject to (L)GPL license. Run "soundstretch -license" for more information.
Uses 32bit floating point sample type in processing.
Processing the file with the following changes:
tempo change = +10 %
pitch change = -2 semitones
rate change = +0 %
Working...Done!
$ aplay out.2
The changes were applied - a subtler effect.

All good for 64-bits.
CC: (none) => tarazed25
Whiteboard: (none) => MGA6-64-OK
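The before/after PoC runs in the comment above show three outcomes: a crash, a hang and a clean error. The script below is an added example, not part of the bug report, that records which one occurred without leaving the tester stuck on the hung case. It assumes GNU coreutils timeout(1); the name classify_run and the LIMIT value are illustrative.

```shell
#!/bin/sh
# Added example, not part of the bug report.
# Requires GNU coreutils timeout(1). LIMIT (seconds) is an assumed value:
# choose one comfortably longer than a normal conversion takes.
LIMIT="${LIMIT:-20}"

# classify_run CMD [ARGS...]
# Prints one word: ok, rejected, hang, crash or harness-error.
classify_run() {
    rc=0
    timeout "$LIMIT" "$@" >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo ok                 # input processed normally
    elif [ "$rc" -eq 124 ]; then
        echo hang               # timeout(1) had to stop it (the 100% CPU case)
    elif [ "$rc" -ge 125 ] && [ "$rc" -le 127 ]; then
        echo harness-error      # timeout failed or the command could not run
    elif [ "$rc" -gt 128 ] && [ "$rc" -le 192 ]; then
        echo crash              # ended by signal rc-128, e.g. 139 = SIGSEGV
    else
        echo rejected           # clean non-zero exit (may be as high as 255)
    fi
}

# Usage: sh poc-check.sh file1.wav file2.wav ...
if [ "$#" -gt 0 ]; then
    out=$(mktemp)
    for f in "$@"; do
        printf '%s: %s\n' "$f" "$(classify_run soundstretch "$f" "$out")"
    done
    rm -f "$out"
fi
```

Run once before and once after installing the update; a PoC that moves from crash or hang to rejected matches the "afterwards" results reported above.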
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
CC: (none) => tmb
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0331.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED