Univention Bugzilla – Bug 50162
sox: Multiple issues (4.3)
Last modified: 2019-09-11 15:56:18 CEST
New Debian sox 14.4.1-5+deb9u2 fixes: This update addresses the following issues: * Divide by zero in startread function in wav.c (CVE-2017-11332) * Invalid memory read in read_samples function in hcom.c (CVE-2017-11358) * Devide by zero in wavwritehdr function in wav.c (CVE-2017-11359) * There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. (CVE-2017-15370) * Reachable assertion abort in the function sox_append_comment() (CVE-2017-15371) * There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. (CVE-2017-15372) * In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. (CVE-2017-15642) * In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service. (CVE-2017-18189) * integer overflow in function lsx_make_lpf in effect_i_dsp.c (CVE-2019-8354) * integer overflow in xmalloc.h (CVE-2019-8355) * stack-based buffer overflow in bitrv2 in fft4g.c (CVE-2019-8356) * null pointer dereference in function lsx_make_lpf in effect_i_dsp.c (CVE-2019-8357) * SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189. (CVE-2019-1010004)
--- mirror/ftp/4.3/unmaintained/4.3-4/source/sox_14.4.1-5+deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-4/source/sox_14.4.1-5+deb9u2.dsc @@ -1,3 +1,14 @@ +14.4.1-5+deb9u2 [Fri, 16 Aug 2019 00:28:55 +0200] Moritz Mühlenhoff <jmm@debian.org>: + + * Sync up patches with 14.4.1-5+deb8u4 (sans some uncommented patches) + CVE-2019-8354 CVE-2019-8355 CVE-2019-8356 CVE-2019-8357 (Closes: #927906) + CVE-2019-1010004 CVE-2017-18189 (Closes: #881121) + CVE-2017-15642 (Closes: #882144) + CVE-2017-15372 (Closes: #878808) + CVE-2017-15371 (Closes: #878809) + CVE-2017-15370 (Closes: #878810) + CVE-2017-11359 CVE-2017-11358 CVE-2017-11332 (Closes: #870328) + 14.4.1-5+deb9u1 [Fri, 01 Feb 2019 16:18:21 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload. <http://10.200.17.11/4.3-4/#7446983810841040335>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-4] 142990a856 Bug #50162: sox 14.4.1-5+deb9u2 doc/errata/staging/sox.yaml | 35 +++++++++++++++-------------------- 1 file changed, 15 insertions(+), 20 deletions(-) [4.3-4] c3a73024e1 Bug #50162: sox 14.4.1-5+deb9u2 doc/errata/staging/sox.yaml | 52 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+)
<http://errata.software-univention.de/ucs/4.3/582.html>