Fedora has issued an advisory on April 25: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SDQZQAOSX73JCMVEKYFIRL37T76ELFYH/
Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
I'll wait a bit for the upstream PR to be merged, so that I can simply update to latest master HEAD: https://github.com/dolphin-emu/dolphin/pull/8725
Could you work with upstream to fix it so that we can use the system soundtouch instead of bundling it, so this doesn't happen again?
They need soundtouch compiled with specific pre-processor defines to use short instead of float and disable exceptions, so we'd need to ship a soundtouch-short-nothrow or similar if we want to link against a system version.
I'm pushing an update with latest beta snapshot and PR 8725 cherry-picked. I'll make sure that it ends up properly merged upstream, but until then I can use a local cherry-pick like Fedora.

Looking over advisories.mageia.org, this update should fix 9 CVEs.

Fixed in dolphin-emu-5.0.11824-1.mga8.

Note to QA: RPMs are in tainted/updates_testing.

Mageia 7 advisory:
==================

Updated dolphin-emu package fixes security vulnerabilities

Dolphin Emulator includes a modified copy of the SoundTouch library at version 1.9.2. That version is subject to the following security issues:

- The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file (CVE-2017-9258).
- The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file (CVE-2017-9259).
- The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file (CVE-2017-9260).
- Reachable assertion in RateTransposer::setChannels() causing denial of service (CVE-2018-14044).
- Reachable assertion in FIRFilter.cpp causing denial of service (CVE-2018-14045).
- Heap-based buffer overflow in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() potentially leading to code execution (CVE-2018-1000223).
- Assertion failure in BPMDetect class in BPMDetect.cpp (CVE-2018-17096).
- Out-of-bounds heap write in WavOutFile::write() (CVE-2018-17097).
- Heap corruption in WavFileBase class in WavFile.cpp (CVE-2018-17098).

The bundled copy of SoundTouch was updated to version 2.1.2, thereby solving these issues in Dolphin Emulator.
References:
- http://advisories.mageia.org/MGASA-2018-0331.html
- http://advisories.mageia.org/MGASA-2018-0385.html
- http://advisories.mageia.org/MGASA-2018-0462.html
- https://github.com/dolphin-emu/dolphin/pull/8725

SRPM in tainted/updates_testing:
================================
dolphin-emu-5.0.11824-1.mga7

RPM in tainted/updates_testing:
===============================
dolphin-emu-5.0.11824-1.mga7
Version: Cauldron => 7
Assignee: rverschelde => qa-bugs
Whiteboard: MGA7TOO => (none)
CC: (none) => rverschelde
"dolphin-emu-5.0.11824-1.mga7 not found in the remote repository" from QARepo, tainted option is on.
CC: (none) => herman.viaene
I did switch 3 days ago QARepo to tuxinator mirror from my usual BE mirror belnet, because of synch issues, but now it seems the other way around. Got the update from belnet now.
MGA7-64 Plasma on Lenovo B50. No installation issues. Ref bug 17934 for testing. Downloaded "Need for speed" from the site and got that one started. The demo played and made a lot of noise, but I have no idea how to control it by keyboard. So that's as far
Continuing: That's as far as I go. OK unless someone feels more at home with those things. BTW: the download took around 45 min. Crazy!!!
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 4.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => tmb
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0193.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED