Fedora has issued an advisory on January 3:
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096448.html

Patched packages uploaded for Mageia 2 and Cauldron.

Patch also checked into Mageia 1 SVN.

Note to QA: PoC http://www.exploit-db.com/exploits/19772/

Advisory:
========================

Updated snack packages fix security vulnerability:

Two vulnerabilities have been discovered in Snack Sound Toolkit, which are caused due to missing boundary checks in the "GetWavHeader()" function (generic/jkSoundFile.c) when parsing either format sub-chunks or unknown sub-chunks. This can be exploited to cause a heap-based buffer overflow via specially crafted WAV files with overly large chunk sizes specified (CVE-2012-6303).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6303
http://secunia.com/advisories/49889/
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096448.html
========================

Updated packages in core/updates_testing:
========================
tcl-snack-2.2.10-10.1.mga2
python-snack-2.2.10-10.1.mga2

from snack-2.2.10-10.1.mga2.src.rpm
Whiteboard: (none) => has_procedure
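The advisory in comment 0 attributes the overflow to missing boundary checks on format and unknown sub-chunk sizes. As an added example (not Snack's code and not the patch shipped in this update), the chunk walker below shows those checks in place; FMT_MAX, the return codes and the sample byte strings are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FMT_MAX 40  /* assumed cap: largest standard "fmt " body (extensible form) */
enum { WAV_OK, WAV_BAD_MAGIC, WAV_PAST_EOF, WAV_FMT_TOO_BIG, WAV_NO_FMT, WAV_NO_DATA };
static uint32_t le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk the sub-chunks of an in-memory WAV image. A declared chunk size is
 * trusted only after it is checked against the bytes left in the file and,
 * for "fmt ", against the destination buffer it will be copied into. */
int check_wav_header(const unsigned char *buf, size_t len,
                     unsigned char fmt[FMT_MAX], uint32_t *fmt_len) {
    size_t off = 12;
    *fmt_len = 0;
    if (len < 12 || memcmp(buf, "RIFF", 4) || memcmp(buf + 8, "WAVE", 4))
        return WAV_BAD_MAGIC;
    while (len - off >= 8) {
        const unsigned char *id = buf + off;
        uint32_t size = le32(id + 4);
        size_t left = len - off - 8;          /* bytes after this chunk header */
        if (memcmp(id, "data", 4) == 0)       /* samples start here: header done */
            return *fmt_len ? WAV_OK : WAV_NO_FMT;
        if (size > left) return WAV_PAST_EOF; /* format or unknown chunk overruns file */
        if (memcmp(id, "fmt ", 4) == 0) {
            if (size > FMT_MAX) return WAV_FMT_TOO_BIG;
            memcpy(fmt, id + 8, size);        /* size <= FMT_MAX and <= left */
            *fmt_len = size;
        }
        size_t adv = (size_t)size + (size & 1);   /* chunks are padded to even length */
        off += 8 + (adv > left ? left : adv);
    }
    return WAV_NO_DATA;
}

/* Constructed sample images (not taken from the PoC referenced in this bug). */
static const unsigned char GOOD[] = "RIFF\x24\0\0\0WAVEfmt \x10\0\0\0"
    "\1\0\1\0\x44\xac\0\0\x88\x58\1\0\2\0\x10\0" "data\0\0\0\0";
static const unsigned char BIG_FMT[] = "RIFF\x44\0\0\0WAVEfmt \x30\0\0\0"
    "0123456789abcdef0123456789abcdef0123456789abcdef" "data\0\0\0\0";
static const unsigned char BIG_UNKNOWN[] = "RIFF\x10\0\0\0WAVELIST\xff\xff\xff\x7f" "abcd";
unsigned char g_fmt[FMT_MAX];
uint32_t g_len;
int main(void) {
    printf("good=%d ", check_wav_header(GOOD, sizeof GOOD - 1, g_fmt, &g_len));
    printf("big_fmt=%d ", check_wav_header(BIG_FMT, sizeof BIG_FMT - 1, g_fmt, &g_len));
    printf("big_unknown=%d\n", check_wav_header(BIG_UNKNOWN, sizeof BIG_UNKNOWN - 1, g_fmt, &g_len));
    return 0;
}
```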
Snack has a testsuite too David, is it used here?
Testing complete mga2 64

Saved the PoC as wavesurfer.pl and created the crafted wav with
$ perl wavesurfer.pl

Before
------
$ cd /usr/share/doc/tcl-snack/
$ ./widget.tcl

Unable to play sound due to it requiring /dev/sound/dsp which I think is OSS, but running with soundwrapper corrects that.

$ soundwrapper ./widget.tcl

Opening the crafted wav causes a backtrace.

Python-snack doesn't seem affected.

$ cd /usr/share/doc/python-snack/
$ soundwrapper ./widget.py

After
-----
No backtrace
Hardware: i586 => All
Whiteboard: has_procedure => has_procedure mga2-64-OK
(In reply to comment #1)
> Snack has a testsuite too David, is it used here?

No.
Testing complete on mga2, i586.

Before
------
$ cd /usr/share/doc/tcl-snack/
$ ./widget.tcl
$ soundwrapper ./widget.tcl

Opening the crafted wav file causes a segmentation fault.

$ cd /usr/share/doc/python-snack/
$ soundwrapper ./widget.py

Opening the crafted wav file causes a segmentation fault also for the python version.

After
-----
No segmentation fault (for either version) when opening the crafted file.

----
Validating

No linking needed according to depcheck.

See comment 0 for SRPM & Advisory.

Could sysadmin please push from core/updates_testing to core/updates.

Thank you!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs, wassi
Whiteboard: has_procedure mga2-64-OK => has_procedure mga2-64-OK MGA2-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0017
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED