Bug 29298 - libsndfile new security issue CVE-2021-3246
Summary: libsndfile new security issue CVE-2021-3246
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2021-07-29 23:31 CEST by David Walser
Modified: 2021-08-06 11:35 CEST

See Also:
Source RPM: libsndfile-1.0.31-1.mga8.src.rpm
CVE:
Status comment:


Description David Walser 2021-07-29 23:31:44 CEST
Ubuntu has issued an advisory today (July 29):
https://ubuntu.com/security/notices/USN-5025-1

Mageia 8 is also affected.

David Walser 2021-07-29 23:32:51 CEST

Status comment: (none) => Patches available from Ubuntu and upstream
CC: (none) => geiger.david68210
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2021-07-30 20:23:45 CEST
This is a homeless SRPM, but DavidG (already CC'd) is its main recent committer; so changing the CC to assignment.

Assignee: bugsquad => geiger.david68210
CC: geiger.david68210 => (none)

Comment 2 Nicolas Lécureuil 2021-07-31 17:08:49 CEST
Fixed in mga8/9

src:
    - libsndfile-1.0.31-1.1.mga8

Whiteboard: MGA8TOO => (none)
Status comment: Patches available from Ubuntu and upstream => (none)
Version: Cauldron => 8
CC: (none) => mageia
Assignee: geiger.david68210 => qa-bugs

Comment 3 David Walser 2021-07-31 17:19:10 CEST
libsndfile1-1.0.31-1.1.mga8
libsndfile-progs-1.0.31-1.1.mga8
libsndfile-devel-1.0.31-1.1.mga8

from libsndfile-1.0.31-1.1.mga8.src.rpm

Comment 4 Len Lawrence 2021-07-31 17:50:37 CEST
mga8, x64

CVE-2021-3246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3246
Heap buffer overflow in msadpcm_decode_block
https://github.com/libsndfile/libsndfile/issues/687
$ sndfile-info --cart sndfile_heap_overflow
double free or corruption (out)
Aborted (core dumped)

Update packages not available.  Better wait until mirrors sync.

CC: (none) => tarazed25

Comment 5 Len Lawrence 2021-08-01 08:58:14 CEST
Updated the packages.
Ran the PoC.
$ sndfile-info --cart sndfile_heap_overflow
Error : Not able to open input file sndfile_heap_overflow.
Unspecified internal error.

Handled better - no core dump.

Tested the utilities.
sndfile-play worked for a variety of formats.
sndfile-convert generated AIFF and SND files from a WAV file.
$ sndfile-metadata-get --str-artist CherryOhBaby.ogg
Artist                 : UB40
$ sndfile-info Semiramis.wav
========================================
File : Semiramis.wav
Length : 82362380
RIFF : 82362372
WAVE
........
$ sndfile-deinterleave BoarsHead.wav
Input file : BoarsHead
Output files :
    BoarsHead_00.wav
    BoarsHead_01.wav

Applications like speech-dispatcher are purported to need libsndfile but running strace on both the speech-dispatcher daemon and espeak failed to provide any evidence of that.  The utility tests shall have to suffice.

Whiteboard: (none) => MGA8-64-OK

Comment 6 Thomas Andrews 2021-08-06 02:59:59 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2021-08-06 10:52:41 CEST

Keywords: (none) => advisory

Comment 7 Mageia Robot 2021-08-06 11:35:16 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0392.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

