Bug 48870 - sox: Multiple issues (4.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.2
All Linux
Importance: P3 normal
Target Milestone: UCS 4.2-5-errata
Assigned To: Quality Assurance
Philipp Hahn
Reported: 2019-03-06 08:55 CET by Quality Assurance
Modified: 2019-03-06 14:24 CET (History)
What kind of report is it?: Security Issue
Max CVSS v3 score: 3.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)


Description Quality Assurance univentionstaff 2019-03-06 08:55:53 CET
New Debian sox 14.4.1-5+deb8u3 fixes:
This update addresses the following issues:

* 14.4.1-5+deb8u1 (Sun, 24 Feb 2019 18:04:09 +0200)
  * Non-maintainer upload.
  * Add patches for CVE-2014-8145 to series file and really apply fixes. Thanks to Mike Salvatore for spotting the issue.

* 14.4.1-5+deb8u2 (Thu, 28 Feb 2019 08:58:56 +0100)
  * Non-maintainer upload by the LTS Team.
  * CVE-2017-15370: heap-based buffer overflow in the ImaExpandS function of ima_rw.c.
  * CVE-2017-15372: stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c.
  * CVE-2017-18189: null pointer dereference caused by corrupt header specifying zero channels, sending read_channels() into an infinite loop.
  * CVE-2017-15642: use-after-free in output_message, triggered by crafted aiff file.

* Divide by zero in startread function in wav.c (CVE-2017-11332)
* Invalid memory read in read_samples function in hcom.c (CVE-2017-11358)
* Divide by zero in wavwritehdr function in wav.c (CVE-2017-11359)
* Reachable assertion abort in the function sox_append_comment() (CVE-2017-15371)
Comment 1 Quality Assurance univentionstaff 2019-03-06 09:00:18 CET
--- mirror/ftp/4.2/unmaintained/4.2-0/source/sox_14.4.1-5.dsc
+++ apt/ucs_4.2-0-errata4.2-5/source/sox_14.4.1-5+deb8u3.dsc
@@ -1,3 +1,32 @@
+14.4.1-5+deb8u3 [Tue, 05 Mar 2019 16:43:06 +0100] Hugo Lefeuvre <hle@debian.org>:
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2017-15371: reachable assertion in sox_append_comment() (formats.c)
+    (Closes: #878809).
+  * CVE-2017-11359: divide-by-zero error wavwritehdr function (wav.c)
+    (Closes: #870328).
+  * CVE-2017-11332: divide-by-zero error in startread function (wav.c).
+  * CVE-2017-11358: invalid memory read in read_samples function (hcom.c).
+
+14.4.1-5+deb8u2 [Thu, 28 Feb 2019 08:58:56 +0100] Hugo Lefeuvre <hle@debian.org>:
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2017-15370: heap-based buffer overflow in the ImaExpandS function
+    of ima_rw.c (Closes: #878810).
+  * CVE-2017-15372: stack-based buffer overflow in the
+    lsx_ms_adpcm_block_expand_i function of adpcm.c (Closes: #878808).
+  * CVE-2017-18189: null pointer dereference caused by corrupt header
+    specifying zero channels, sending read_channels() into an infinite loop
+    (Closes: #881121).
+  * CVE-2017-15642: use-after-free in output_message, triggered by crafted
+    aiff file (Closes: #882144).
+
+14.4.1-5+deb8u1 [Sun, 24 Feb 2019 18:04:09 +0200] Adrian Bunk <bunk@debian.org>:
+
+  * Non-maintainer upload.
+  * Add patches for CVE-2014-8145 to series file and really apply fixes.
+    Thanks to Mike Salvatore for spotting the issue. (Closes: #773720)
+
 14.4.1-5 [Wed, 24 Dec 2014 14:33:55 -0500] Pascal Giard <pascal@debian.org>:
 
   * Patches to fix memory corruptions on the heap, CVE-2014-8145
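Review bot: the deb8u3 entries for CVE-2017-11332 and CVE-2017-11358 carry no `(Closes: #...)` reference, while every other entry in the deb8u2 and deb8u3 blocks names the Debian bug it closes; if bugs are tracked for those two CVEs, add the numbers so the upload closes them, otherwise the inconsistency should at least be noted in the changelog.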

<http://10.200.17.11/4.2-5/#6235472328956541635>
Comment 2 Philipp Hahn univentionstaff 2019-03-06 09:49:49 CET
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.2-5] 8460654b80 Bug #48870: sox 14.4.1-5+deb8u3
 doc/errata/staging/sox.yaml | 45 ++++++++++++---------------------------------
 1 file changed, 12 insertions(+), 33 deletions(-)

[4.2-5] 27dd165ca8 Bug #48870: sox 14.4.1-5+deb8u3
 doc/errata/staging/sox.yaml | 54 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
Comment 3 Arvid Requate univentionstaff 2019-03-06 14:24:28 CET
<http://errata.software-univention.de/ucs/4.2/612.html>