Bug 5297 - taglib new security issues CVE-2012-1108 and CVE-2012-1584
Summary: taglib new security issues CVE-2012-1108 and CVE-2012-1584
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 1
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard:
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2012-04-09 02:55 CEST by David Walser
Modified: 2012-04-11 22:12 CEST (History)
3 users (show)

See Also:
Source RPM: taglib-1.6.3-2.mga1.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2012-04-09 02:55:28 CEST 
Patched package uploaded.

Advisory:
========================

Updated taglib packages fix security vulnerabilities:

When parsing an Ogg file, a specially crafted Ogg file with control
over the "vendorLength" field could cause a string allocation with
that size.  Control over the "commentFields", which is the number of
times that "commentLength" is read, would allocate a string of size
"commandLength", which could cause an application linked to taglib to
crash (CVE-2012-1108).

Taglib suffers from an integer overflow flaw when parsing file header
fields.  A file with a crafted header could cause a large allocation
and crash the application (CVE-2012-1584).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1584
https://bugzilla.redhat.com/show_bug.cgi?id=800559
https://bugzilla.redhat.com/show_bug.cgi?id=810009
========================

Updated packages in core/updates_testing:
========================
libtaglib1-1.6.3-2.1.mga1
libtaglib_c0-1.6.3-2.1.mga1
libtaglib-devel-1.6.3-2.1.mga1

from taglib-1.6.3-2.1.mga1.src.rpm
Comment 1 Dave Hodgins 2012-04-10 22:29:09 CEST 
Testing complete on i586 for the srpm
taglib-1.6.3-2.1.mga1.src.rpm

Tested using parole and amarok with a ogg file.

CC: (none) => davidwhodgins

Comment 2 Manuel Hiebel 2012-04-11 02:44:22 CEST 
Testing with using rhythmbox on x86_64


Suggested Advisory:
-------------
Updated taglib packages fix security vulnerabilities:

When parsing an Ogg file, a specially crafted Ogg file with control
over the "vendorLength" field could cause a string allocation with
that size.  Control over the "commentFields", which is the number of
times that "commentLength" is read, would allocate a string of size
"commandLength", which could cause an application linked to taglib to
crash (CVE-2012-1108).

Taglib suffers from an integer overflow flaw when parsing file header
fields.  A file with a crafted header could cause a large allocation
and crash the application (CVE-2012-1584).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1584
https://bugzilla.redhat.com/show_bug.cgi?id=800559
https://bugzilla.redhat.com/show_bug.cgi?id=810009

https://bugs.mageia.org/show_bug.cgi?id=5297
-------------

SRPM: taglib-1.6.3-2.1.mga1.src.rpm

Could sysadmin please push from core/updates_testing to core/updates

Thankyou!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 3 Thomas Backlund 2012-04-11 22:12:33 CEST 
Update pushed

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.