Bug 47555 - lame: Multiple issues (4.2)
lame: Multiple issues (4.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.2
All Linux
: P5 normal (vote)
: UCS 4.2-4-errata
Assigned To: Quality Assurance
Philipp Hahn
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-08-09 12:26 CEST by Quality Assurance
Modified: 2018-08-15 16:20 CEST (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 0.0 ()


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2018-08-09 12:26:16 CEST
New Debian lame 3.99.5+repack1-7+deb8u2 fixes:
This update addresses the following issue(s):
* 
* The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. (CVE-2017-9869)
* The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type == 2" case, a similar issue to CVE-2017-11126. (CVE-2017-9870)
* The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. (CVE-2017-9871)
* The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. (CVE-2017-9872)
CVE_2017-13712 is open
* LAME 3.99.5 has a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. (CVE-2017-15018)
CVE_2017-15019 is open
* LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410. (CVE-2017-15045)
* LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412. (CVE-2017-15046)

3.99.5+repack1-7+deb8u2 (Sun, 27 May 2018 17:30:02 -0400) [ Fabian Greffrath ] * Build the frontend with the sndfile io routines, RAW PCM and WAV can be read from stdin since at least 3.99.0. - Add Build-Depends: libsndfile1-dev. Addressed CVEs: CVE-2017-9872, CVE-2017-9871, CVE-2017-9870, CVE-2017-9869, CVE-2017-15046, CVE-2017-15045, CVE-2017-15018.
Comment 1 Quality Assurance univentionstaff 2018-08-09 18:44:22 CEST
--- mirror/ftp/4.2/unmaintained/4.2-0/source/lame_3.99.5+repack1-7+deb8u1.dsc
+++ apt/ucs_4.2-0-errata4.2-4/source/lame_3.99.5+repack1-7+deb8u2.dsc
@@ -1,3 +1,14 @@
+3.99.5+repack1-7+deb8u2 [Sun, 27 May 2018 17:30:02 -0400] Hugo Lefeuvre <hle@debian.org>:
+
+  [ Fabian Greffrath ]
+
+  * Build the frontend with the sndfile io routines, RAW PCM and WAV can be
+    read from stdin since at least 3.99.0 (Closes: #867725).
+    - Add Build-Depends: libsndfile1-dev.
+
+    Addressed CVEs: CVE-2017-9872, CVE-2017-9871, CVE-2017-9870, CVE-2017-9869,
+    CVE-2017-15046, CVE-2017-15045, CVE-2017-15018.
+
 3.99.5+repack1-7+deb8u1 [Mon, 15 Jun 2015 15:05:21 +0200] Fabian Greffrath <fabian@debian.org>:
 
   * debian/patches/force_align_arg_pointer.patch: Enable functions with SSE

<http://10.200.17.11/4.2-4/#7246537906215838684>
Comment 2 Philipp Hahn univentionstaff 2018-08-10 11:21:14 CEST
OK: yaml
OK: errata-announce
OK: patch
OK: piuparts

[4.2-4] acff9f91a7 Bug #47555: lame 3.99.5+repack1-7+deb8u2
 doc/errata/staging/lame.yaml | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)

[4.2-4] e30721763d Bug #47555: lame 3.99.5+repack1-7+deb8u2
 doc/errata/staging/lame.yaml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
Comment 3 Arvid Requate univentionstaff 2018-08-15 16:20:46 CEST
<http://errata.software-univention.de/ucs/4.2/457.html>