Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 699862 (CVE-2018-10392, CVE-2018-10393) - <media-libs/libvorbis-1.3.6-r1: multiple vulnerabilities (CVE-2018-{10392,10393})
Summary: <media-libs/libvorbis-1.3.6-r1: multiple vulnerabilities (CVE-2018-{10392,103...
Status: RESOLVED FIXED
Alias: CVE-2018-10392, CVE-2018-10393
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Deadline: 2019-12-06
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa+ cve]
Keywords:
Depends on:
Blocks: CVE-2017-14160
  Show dependency tree
 
Reported: 2019-11-11 18:12 UTC by GLSAMaker/CVETool Bot
Modified: 2020-06-20 01:18 UTC (History)
1 user (show)

See Also:
Package list:
media-libs/libvorbis-1.3.6-r1
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-11-11 18:12:27 UTC 
CVE-2018-10392 (https://nvd.nist.gov/vuln/detail/CVE-2018-10392):
  mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate
  the number of channels, which allows remote attackers to cause a denial of
  service (heap-based buffer overflow or over-read) or possibly have
  unspecified other impact via a crafted file.

CVE-2018-10393 (https://nvd.nist.gov/vuln/detail/CVE-2018-10393):
  bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based
  buffer over-read.
Comment 1 Larry the Git Cow gentoo-dev 2019-12-03 00:25:32 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=733260c31ddf36bc2450e9675eddc93329ab171d

commit 733260c31ddf36bc2450e9675eddc93329ab171d
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-12-03 00:25:04 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-12-03 00:25:19 +0000

    media-libs/libvorbis: security bump
    
    Bug: https://bugs.gentoo.org/631646
    Bug: https://bugs.gentoo.org/699862
    Package-Manager: Portage-2.3.80, Repoman-2.3.19
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 .../files/libvorbis-1.3.6-CVE-2017-14160.patch     | 29 +++++++++++
 .../files/libvorbis-1.3.6-CVE-2018-10392.patch     | 25 +++++++++
 media-libs/libvorbis/libvorbis-1.3.6-r1.ebuild     | 60 ++++++++++++++++++++++
 3 files changed, 114 insertions(+)
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2019-12-03 00:28:20 UTC 
Let's wait a few days, ebuild was migrated from EAPI 5 -> 7.
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-15 15:14:23 UTC 
New GLSA request filed.
Comment 4 Rolf Eike Beer archtester 2020-03-16 17:45:30 UTC 
sparc stable
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2020-03-16 21:13:55 UTC 
This issue was resolved and addressed in
 GLSA 202003-36 at https://security.gentoo.org/glsa/202003-36
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 6 Rolf Eike Beer archtester 2020-03-17 17:45:39 UTC 
hppa stable
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-17 18:01:26 UTC 
Re-opening for remaining architectures.
Comment 8 Mart Raudsepp gentoo-dev 2020-03-17 19:43:34 UTC 
arm64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2020-03-18 08:50:12 UTC 
amd64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2020-03-18 09:46:29 UTC 
arm stable
Comment 11 Agostino Sarubbo gentoo-dev 2020-03-18 11:12:17 UTC 
ppc stable
Comment 12 Agostino Sarubbo gentoo-dev 2020-03-18 11:14:03 UTC 
ppc64 stable
Comment 13 Agostino Sarubbo gentoo-dev 2020-03-18 11:17:17 UTC 
ia64 stable
Comment 14 Agostino Sarubbo gentoo-dev 2020-03-18 15:22:34 UTC 
x86 stable.

Maintainer(s), please cleanup.
Comment 15 NATTkA bot gentoo-dev 2020-04-06 15:05:08 UTC 
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Comment 16 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-18 02:38:51 UTC 
@maintainer(s), ping, please cleanup
Comment 17 Larry the Git Cow gentoo-dev 2020-06-20 01:17:54 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a47277387474dd88ccd83c1f35247c291c3eb2a

commit 4a47277387474dd88ccd83c1f35247c291c3eb2a
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2020-06-20 01:17:22 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-06-20 01:17:22 +0000

    media-libs/libvorbis: drop vulnerable
    
    Bug: https://bugs.gentoo.org/699862
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 media-libs/libvorbis/libvorbis-1.3.6.ebuild | 39 -----------------------------
 1 file changed, 39 deletions(-)