Summary: | <media-libs/flac-1.3.2: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | sound |
Priority: | Normal | Flags: | kensington:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2015/02/13/6 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: |
=media-libs/flac-1.3.2-r1
|
Runtime testing required: | No |
Bug Depends on: | 604718 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2015-02-14 16:09:35 UTC
and from http://www.openwall.com/lists/oss-security/2015/02/14/4 : I think I haven't posted this here yet: Also recently fuzzed flac with afl and found something: https://git.xiph.org/?p=flac.git;a=commit;h=43ba7ad05f1656e885ce2f34a9a72494f45705ae https://sourceforge.net/p/flac/bugs/421/ Crashing sample is attached to the bug report. What happens is that flac does an malloc for the number of comments. If that fails due to an insane number of comments it'll fail, but it will still try to access the non-allocated memory. I think the upstream fix is not optimal - it limits the amount of allowed comments. That probably fixes this in most situations, but it still leaves problems, because it doesn't check for malloc failures. Fixes are not yet released; I ping'ed upstream (https://github.com/xiph/flac/issues/19) to request a new release. @ Maintainer(s): v1.3.2 which contains the fix was released today. In tree via https://gitweb.gentoo.org/repo/gentoo.git/commit/media-libs/flac?id=32d9af62ee97eb977b752b5f507a6cda897de5a2 @ Maintainer(s): Can we stabilize: =media-libs/flac-1.3.2 I've done some minor touchups - please proceed with stabilization. @ Arches, please test and mark stable: =media-libs/flac-1.3.2 amd64 stable arm stable An automated check of this bug failed - the following atom is unknown: media-libs/flac-1.3.2-r1 Please verify the atom list. An automated check of this bug failed - the following atom is unknown: media-libs/flac-1.3.2-r1 Please verify the atom list. ppc stable Stable on alpha. x86 stable ia64 stable sparc stable ppc64 stable Stable for HPPA. No ACE/RCE, downgraded to B3. GLSA Vote: No @ Maintainer(s): Please cleanup and drop =media-libs/flac-1.3.1-r1! Arches and Maintainer(s), Thank you for your work. Tree is clean. |