Univention Bugzilla – Bug 52288
libsndfile: Multiple issues (4.4)
Last modified: 2020-11-04 14:49:23 CET
New Debian libsndfile 1.0.27-3+deb9u1 fixes:

This update addresses the following issues:

* Information disclosure via aiff_read_chanmap() function (CVE-2017-6892)
* Out-of-bounds read in the function d2alaw_array() (CVE-2017-14245)
* Out-of-bounds read in the function d2ulaw_array() (CVE-2017-14246)
* Divide-by-zero in the double64_init() function (CVE-2017-14634)
* Buffer over-read in the function i2ulaw_array in ulaw.c (CVE-2018-19661)
* Buffer over-read in the function i2alaw_array in alaw.c (CVE-2018-19662)
* Heap-based buffer over-read at wav.c in wav_write_header (CVE-2018-19758)
* Incomplete fix for CVE-2018-19758 still allows reading beyond buffer limits (CVE-2019-3832)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libsndfile_1.0.27-3.dsc +++ apt/ucs_4.4-0-errata4.4-6/source/libsndfile_1.0.27-3+deb9u1.dsc @@ -1,3 +1,20 @@ +1.0.27-3+deb9u1 [Wed, 28 Oct 2020 19:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2019-3832 + heap read overflow in wav_write_header due to incomplete + fix for CVE-2018-19758. + * CVE-2018-19758 + heap read overflow in wav_write_header + * CVE-2018-19662, CVE-2018-19661, CVE-2017-14246, CVE-2017-14245 + multiple buffer overflows in a/ulaw functions. + * CVE-2017-14634 + fix for division by zero errors + * CVE-2017-6892 + An error in the "aiff_read_chanmap()" function could be exploited + to cause an out-of-bounds read memory access via a specially + crafted AIFF file. + 1.0.27-3 [Sun, 28 May 2017 22:52:39 +0200] IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>: * Mentioned CVEs fixed by fix_bufferoverflows.patch <http://10.200.17.11/4.4-6/#8205678131363985547>
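Review bot: the changelog entries are uneven in how much they locate each fix; the CVE-2017-14634 line ("fix for division by zero errors") and the CVE-2018-19758 line name no file or function, while the CVE-2017-6892 entry and the bug summary above do (double64_init(), wav.c). Suggest giving every entry the affected function, e.g. "* CVE-2017-14634" followed by "division by zero in double64_init()", so the changelog alone says where each fix applies. The CVE-2018-19758 and CVE-2019-3832 entries describe the same heap read overflow in wav_write_header and could be stated together, with the second noted as completing the first.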
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-6] ddd38fd2d5 Bug #52288: libsndfile 1.0.27-3+deb9u1
 doc/errata/staging/libsndfile.yaml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x788>