634814 – (CVE-2017-15642) <media-sound/sox-14.4.2-r1: Use-After-Free vulnerability when given a malformed AIFF file

Bug 634814 (CVE-2017-15642) - <media-sound/sox-14.4.2-r1: Use-After-Free vulnerability when given a malformed AIFF file

Summary: <media-sound/sox-14.4.2-r1: Use-After-Free vulnerability when given a malform...

Status:	RESOLVED FIXED

Alias:	CVE-2017-15642

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [glsa+ cve]
Keywords:

Depends on:
Blocks:	CVE-2017-11332, CVE-2017-11359 CVE-2017-11358 CVE-2017-15370, CVE-2017-15371, CVE-2017-15372
	Show dependency tree

Reported:	2017-10-19 20:12 UTC by Aleksandr Wagner (Kivak)
Modified:	2018-10-06 17:01 UTC (History)
CC List:	0 users

See Also:	https://github.com/gentoo/gentoo/pull/9695
Package list:	media-sound/sox-14.4.2-r1
Runtime testing required:	---

Flags:	bman: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Aleksandr Wagner (Kivak) 2017-10-19 20:12:56 UTC

CVE-2017-15642 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15642):

In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. 

References:

https://sourceforge.net/p/sox/bugs/298/

Comment 1 Larry the Git Cow gentoo-dev

2018-06-11 00:04:37 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ab144c7631ebe685ffec603e48824403fcd00cdd

commit ab144c7631ebe685ffec603e48824403fcd00cdd
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-06-10 23:45:11 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-06-11 00:04:20 +0000

    media-sound/sox: A truckload of security
    
    Kindly provided by Debian packaging...
    
    Bug: https://bugs.gentoo.org/627570
    Bug: https://bugs.gentoo.org/626702
    Bug: https://bugs.gentoo.org/634814
    Bug: https://bugs.gentoo.org/634450
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 .../sox/files/sox-14.4.2-CVE-2017-11332.patch      | 25 ++++++
 .../sox/files/sox-14.4.2-CVE-2017-11333.patch      | 43 ++++++++++
 .../sox/files/sox-14.4.2-CVE-2017-11358.patch      | 26 ++++++
 .../sox/files/sox-14.4.2-CVE-2017-11359.patch      | 27 ++++++
 .../sox/files/sox-14.4.2-CVE-2017-15370.patch      | 25 ++++++
 .../sox/files/sox-14.4.2-CVE-2017-15371.patch      | 37 +++++++++
 .../sox/files/sox-14.4.2-CVE-2017-15372.patch      | 97 ++++++++++++++++++++++
 .../sox/files/sox-14.4.2-CVE-2017-15642.patch      | 28 +++++++
 .../sox/files/sox-14.4.2-CVE-2017-18189.patch      | 30 +++++++
 .../sox-14.4.2-wavpack-chk-errors-on-init.patch    | 35 ++++++++
 media-sound/sox/sox-14.4.2-r1.ebuild               | 13 +++
 11 files changed, 386 insertions(+)

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2018-06-11 14:47:24 UTC

@arches, please stabilize.

Comment 3 Larry the Git Cow gentoo-dev

2018-06-12 08:43:56 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2e5bf40bb79312c0aaa30843ad0a133de80a93ea

commit 2e5bf40bb79312c0aaa30843ad0a133de80a93ea
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-12 08:43:23 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-12 08:43:23 +0000

    media-sound/sox: stable 14.4.2-r1 for ia64, bug #634814
    
    Bug: https://bugs.gentoo.org/634814
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 media-sound/sox/sox-14.4.2-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev

2018-06-12 11:38:37 UTC

x86 stable

Comment 5 Mikle Kolyada (RETIRED) archtester

2018-06-12 18:22:09 UTC

amd64 stable

Comment 6 Larry the Git Cow gentoo-dev

2018-06-19 19:12:57 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9474d0899140c81d71658a962e7526d4aa6a6b42

commit 9474d0899140c81d71658a962e7526d4aa6a6b42
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-06-19 05:44:24 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-19 19:12:42 +0000

    media-sound/sox: stable 14.4.2-r1 for sparc
    
    Bug: https://bugs.gentoo.org/634814
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="sparc"

 media-sound/sox/sox-14.4.2-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 7 Tobias Klausmann (RETIRED) gentoo-dev

2018-06-21 07:28:04 UTC

Stable on alpha.

Comment 8 Larry the Git Cow gentoo-dev

2018-06-24 20:21:45 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e83a0fd8582c1c65d42d6f2ab4950dff08b64e64

commit e83a0fd8582c1c65d42d6f2ab4950dff08b64e64
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-24 19:46:51 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-24 20:20:19 +0000

    media-sound/sox: stable 14.4.2-r1 for ppc64, bug #634814
    
    Bug: https://bugs.gentoo.org/634814
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc64"

 media-sound/sox/sox-14.4.2-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 9 Markus Meier gentoo-dev

2018-07-07 10:44:28 UTC

arm stable

Comment 10 ernsteiswuerfel archtester

2018-07-08 20:07:02 UTC

Looking good on ppc.

T800 ~/tatt # cat sox-634814.report 
USE tests started on So 8. Jul 19:44:59 CEST 2018

USE='-alsa -amr ao -encode -flac id3tag ladspa mad -ogg -openmp opus oss -png -pulseaudio -sndfile static-libs -twolame -wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE tests started on So 8. Jul 19:56:29 CEST 2018

USE='-alsa -amr ao -encode -flac id3tag ladspa mad -ogg -openmp opus oss -png -pulseaudio -sndfile static-libs -twolame -wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='alsa -amr ao encode flac id3tag ladspa mad -ogg -openmp opus -oss png -pulseaudio sndfile static-libs -twolame -wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='-alsa amr -ao -encode flac id3tag -ladspa mad -ogg openmp -opus oss png -pulseaudio -sndfile static-libs twolame -wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='-alsa amr ao -encode -flac -id3tag ladspa -mad ogg -openmp -opus oss png -pulseaudio sndfile static-libs twolame -wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='-alsa amr -ao encode -flac -id3tag ladspa mad ogg -openmp -opus oss -png pulseaudio -sndfile -static-libs -twolame wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='alsa -amr -ao encode -flac id3tag ladspa -mad -ogg -openmp -opus oss png -pulseaudio sndfile -static-libs -twolame wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='-alsa -amr -ao -encode -flac -id3tag ladspa mad -ogg openmp -opus -oss -png pulseaudio -sndfile static-libs -twolame wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='alsa amr -ao encode -flac id3tag -ladspa -mad -ogg openmp opus -oss png -pulseaudio -sndfile -static-libs twolame wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='-alsa -amr -ao encode -flac -id3tag ladspa -mad -ogg openmp -opus oss png -pulseaudio sndfile -static-libs twolame wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='alsa -amr ao encode -flac -id3tag ladspa mad ogg openmp opus -oss -png pulseaudio sndfile -static-libs twolame wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='-alsa -amr ao encode -flac -id3tag ladspa -mad -ogg openmp opus oss -png -pulseaudio -sndfile static-libs twolame wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='alsa -amr -ao -encode -flac id3tag -ladspa -mad ogg openmp opus oss -png -pulseaudio -sndfile static-libs twolame wavpack'  succeeded for =media-sound/sox-14.4.2-r1
 FEATURES= test succeeded for =media-sound/sox-14.4.2-r1

revdep tests started on So 8. Jul 21:19:02 CEST 2018

FEATURES= test USE='vorbis' succeeded for app-cdr/graveman
FEATURES= test USE='sox' succeeded for media-video/kino
FEATURES= test USE='' succeeded for app-cdr/burncdda
FEATURES= test USE='' succeeded for app-accessibility/festival-freebsoft-utils
FEATURES= test USE='' succeeded for app-accessibility/espeak

Comment 11 Sergei Trofimovich (RETIRED) gentoo-dev

2018-08-05 20:40:32 UTC

ppc stable. Thanks to ernsteiswuerfel!

Comment 12 Larry the Git Cow gentoo-dev

2018-08-25 21:30:54 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=826b1d1d564a2d653cbb7083fc2027caecc2b89a

commit 826b1d1d564a2d653cbb7083fc2027caecc2b89a
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-08-22 19:42:11 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-08-25 21:29:52 +0000

    media-sound/sox: Cleanup vulnerable
    
    Bug: https://bugs.gentoo.org/634814
    Package-Manager: Portage-2.3.48, Repoman-2.3.10

 media-sound/sox/sox-14.4.2.ebuild | 76 ---------------------------------------
 1 file changed, 76 deletions(-)

Comment 13 Andreas Sturmlechner gentoo-dev

2018-09-14 19:53:34 UTC

sound is done here, anyway...

Comment 14 Yury German Gentoo Infrastructure

2018-09-30 21:41:17 UTC

Arches and Maintainer(s). Thank you for your work.

GLSA Vote: Yes

Comment 15 GLSAMaker/CVETool Bot gentoo-dev

2018-10-06 17:01:58 UTC

This issue was resolved and addressed in
 GLSA 201810-02 at https://security.gentoo.org/glsa/201810-02
by GLSA coordinator Aaron Bauman (b-man).