Bug 633840 (CVE-2017-15185) - <media-libs/libmp3splt-0.9.2-r1: denial of service via a crafted file in vorbis_block_clear function
Status: RESOLVED FIXED
Alias: CVE-2017-15185
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Depends on: 682550
Reported: 2017-10-09 14:15 UTC by Aleksandr Wagner (Kivak)
Modified: 2019-05-02 22:24 UTC (History)
Package list:
media-libs/libmp3splt-0.9.2-r1
Runtime testing required: ---
stable-bot: sanity-check+


Description Aleksandr Wagner (Kivak) 2017-10-09 14:15:21 UTC
CVE-2017-15185 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15185):

plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (application crash) via a crafted file. 

References:

https://www.exploit-db.com/exploits/42399/
http://seclists.org/fulldisclosure/2017/Jul/82
https://lists.debian.org/debian-lts/2017/09/msg00115.html
https://anonscm.debian.org/cgit/users/ron/mp3splt.git/commit/?id=18f018cd774cb931116ce06a520dc0c5f9443932

Patch: 
https://anonscm.debian.org/cgit/users/ron/mp3splt.git/patch/?id=18f018cd774cb931116ce06a520dc0c5f9443932
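
The bug class described in the report above (a cleanup path that clears a struct which was never initialized because input validation failed first), as an added illustration that is not part of the bug report and is neither the libmp3splt/libvorbis code nor the referenced patch. The `block`, `state`, `block_init`, `block_clear` and `open_stream` names are hypothetical, the `OggS` check is a simplified stand-in for header validation, and the `0xA5` fill is a constructed model of leftover heap bytes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins; not the libvorbis or libmp3splt definitions. */
struct block { void *store; };
struct state { struct block vb; int vb_ready; };

static void *live;        /* the one buffer block_init handed out */
static int bogus_frees;   /* releases of pointers that were never allocated */

static void block_init(struct block *b) { b->store = live = malloc(64); }

/* Like most C "clear" routines, this trusts that the struct was initialized. */
static void block_clear(struct block *b) {
    if (b->store == NULL) return;
    if (b->store != live) { bogus_frees++; return; } /* real code would free() garbage */
    free(b->store);
    b->store = live = NULL;
}

/* Returns 0 for accepted input, -1 for rejected input. */
static int open_stream(const char *data, size_t len, int hardened) {
    struct state *st = malloc(sizeof *st);
    int rc = -1;
    if (st == NULL) return -1;
    /* 0xA5 models leftover heap bytes deterministically (constructed);
       the hardened path zeroes the state before anything can fail. */
    memset(st, hardened ? 0 : 0xA5, sizeof *st);
    if (len < 4 || memcmp(data, "OggS", 4) != 0)
        goto cleanup;               /* invalid input: block_init never ran */
    block_init(&st->vb);
    st->vb_ready = 1;
    rc = 0;
cleanup:
    if (!hardened || st->vb_ready)  /* weak form clears unconditionally */
        block_clear(&st->vb);
    free(st);
    return rc;
}

int main(void) {
    int rc_weak = open_stream("junk", 4, 0);
    int weak = bogus_frees;
    int rc_hard = open_stream("junk", 4, 1);
    printf("weak: rc=%d bogus=%d  hardened: rc=%d bogus=%d\n",
           rc_weak, weak, rc_hard, bogus_frees - weak);
    return 0;
}
```

The counter stands in for the crash: in real code the unconditional clear would pass the garbage pointer to `free()`.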
Comment 1 Larry the Git Cow gentoo-dev 2018-05-05 00:47:06 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c77b4de07de7b74bba15ac1c62332ed2aa2143cb

commit c77b4de07de7b74bba15ac1c62332ed2aa2143cb
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-05-05 00:46:54 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-05-05 00:46:54 +0000

    media-libs/libmp3splt: add CVE-2017-15185 DoS patch
    
    Bug: https://bugs.gentoo.org/633840
    Package-Manager: Portage-2.3.36, Repoman-2.3.9

 media-libs/libmp3splt/files/CVE-2017-15185.patch | 41 +++++++++++++++++++
 media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild | 52 ++++++++++++++++++++++++
 2 files changed, 93 insertions(+)
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-05-05 00:49:00 UTC
@arches, please stabilize.
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2018-05-07 00:25:38 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2018-05-07 09:01:39 UTC
amd64 stable
Comment 5 Larry the Git Cow gentoo-dev 2018-05-08 18:43:19 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e074fd299e7c7ccad3b66863796cff8ae6260dee

commit e074fd299e7c7ccad3b66863796cff8ae6260dee
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-05-08 18:11:27 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-05-08 18:42:38 +0000

    media-libs/libmp3splt: stable 0.9.2-r1 for sparc
    
    Bug: https://bugs.gentoo.org/633840
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"

 media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 6 Tobias Klausmann (RETIRED) gentoo-dev 2018-05-14 11:50:15 UTC
Stable on alpha.
Comment 7 Aaron Bauman (RETIRED) gentoo-dev 2018-05-14 21:26:32 UTC
@maintainer(s), please clean the vulnerable

GLSA Vote: No
Comment 8 Aaron Bauman (RETIRED) gentoo-dev 2018-06-11 15:54:33 UTC
GLSA Vote: No
Comment 9 Larry the Git Cow gentoo-dev 2018-06-11 15:54:34 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b7c9e8a1bdfcb92c92ed6d7d5d4211e3823874e

commit 2b7c9e8a1bdfcb92c92ed6d7d5d4211e3823874e
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-06-11 15:54:04 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-06-11 15:54:04 +0000

    media-libs/libmp3splt: drop vulnerable
    
    Bug: https://bugs.gentoo.org/633840
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 media-libs/libmp3splt/Manifest                 |  1 -
 media-libs/libmp3splt/libmp3splt-0.9.1a.ebuild | 50 -------------------------
 media-libs/libmp3splt/libmp3splt-0.9.2.ebuild  | 51 --------------------------
 3 files changed, 102 deletions(-)
Comment 10 Aaron Bauman (RETIRED) gentoo-dev 2018-06-11 16:17:04 UTC
re-opened.  cleanup is delayed as some other things need fixing...

https://qa-reports.gentoo.org/output/gentoo-ci/56de7a4/output.html#media-sound/mp3splt
Comment 11 Aaron Bauman (RETIRED) gentoo-dev 2019-05-02 22:24:36 UTC
for real this time...