Bug 50162 - sox: Multiple issues (4.3)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.3
Hardware: All Linux
Importance: P3 normal
Target Milestone: UCS 4.3-4-errata
Assigned To: Quality Assurance
QA Contact: Philipp Hahn
Reported: 2019-09-09 16:00 CEST by Quality Assurance
Modified: 2019-09-11 15:56 CEST (History)
What kind of report is it?: Security Issue
Max CVSS v3 score: 6.7 (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H) Debian NVD RedHat


Description Quality Assurance univentionstaff 2019-09-09 16:00:22 CEST
New Debian sox 14.4.1-5+deb9u2 fixes:
This update addresses the following issues:
* Divide by zero in startread function in wav.c (CVE-2017-11332)
* Invalid memory read in read_samples function in hcom.c (CVE-2017-11358)
* Divide by zero in wavwritehdr function in wav.c (CVE-2017-11359)
* There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A crafted input will lead to a denial of service attack during conversion of an audio file. (CVE-2017-15370)
* Reachable assertion abort in the function sox_append_comment() (CVE-2017-15371)
* There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A crafted input will lead to a denial of service attack during conversion of an audio file. (CVE-2017-15372)
* In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. (CVE-2017-15642)
* In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service. (CVE-2017-18189)
* integer overflow in function lsx_make_lpf in effect_i_dsp.c (CVE-2019-8354)
* integer overflow in xmalloc.h (CVE-2019-8355)
* stack-based buffer overflow in bitrv2 in fft4g.c (CVE-2019-8356)
* null pointer dereference in function lsx_make_lpf in effect_i_dsp.c (CVE-2019-8357)
* SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189. (CVE-2019-1010004)
Comment 1 Quality Assurance univentionstaff 2019-09-09 17:01:23 CEST
--- mirror/ftp/4.3/unmaintained/4.3-4/source/sox_14.4.1-5+deb9u1.dsc
+++ apt/ucs_4.3-0-errata4.3-4/source/sox_14.4.1-5+deb9u2.dsc
@@ -1,3 +1,14 @@
+14.4.1-5+deb9u2 [Fri, 16 Aug 2019 00:28:55 +0200] Moritz Mühlenhoff <jmm@debian.org>:
+
+  * Sync up patches with 14.4.1-5+deb8u4 (sans some uncommented patches)
+    CVE-2019-8354 CVE-2019-8355 CVE-2019-8356 CVE-2019-8357 (Closes: #927906)
+    CVE-2019-1010004 CVE-2017-18189 (Closes: #881121)
+    CVE-2017-15642 (Closes: #882144)
+    CVE-2017-15372 (Closes: #878808)
+    CVE-2017-15371 (Closes: #878809)
+    CVE-2017-15370 (Closes: #878810)
+    CVE-2017-11359 CVE-2017-11358 CVE-2017-11332 (Closes: #870328)
+
 14.4.1-5+deb9u1 [Fri, 01 Feb 2019 16:18:21 +0100] Salvatore Bonaccorso <carnil@debian.org>:
 
   * Non-maintainer upload.
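
Review bot: The new 14.4.1-5+deb9u2 entry says the patches were synced with 14.4.1-5+deb8u4 "sans some uncommented patches" but does not name which patches were left out, so the changelog alone cannot confirm that each of the CVEs listed under it is covered by a patch that is actually applied. Suggest naming the omitted patches in the entry, or comparing the patch series of the source package against the CVE list before the erratum is released. The pairing of CVE-2019-1010004 with CVE-2017-18189 under #881121 matches the overlap noted in the bug description.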

<http://10.200.17.11/4.3-4/#7446983810841040335>
Comment 2 Philipp Hahn univentionstaff 2019-09-10 11:31:47 CEST
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-4] 142990a856 Bug #50162: sox 14.4.1-5+deb9u2
 doc/errata/staging/sox.yaml | 35 +++++++++++++++--------------------
 1 file changed, 15 insertions(+), 20 deletions(-)

[4.3-4] c3a73024e1 Bug #50162: sox 14.4.1-5+deb9u2
 doc/errata/staging/sox.yaml | 52 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
Comment 3 Erik Damrose univentionstaff 2019-09-11 15:56:18 CEST
<http://errata.software-univention.de/ucs/4.3/582.html>