Bug 618010 (CVE-2017-7585, CVE-2017-7586, CVE-2017-7741, CVE-2017-7742)

Summary:	<media-libs/libsndfile-1.0.28: multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Agostino Sarubbo <ago>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	slyfox, sound
Priority:	Normal	Flags:	stable-bot: sanity-check+
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/
See Also:	https://github.com/gentoo/gentoo/pull/7883
Whiteboard:	A2 [glsa+ cve]
Package list:	=media-libs/libsndfile-1.0.28-r1	Runtime testing required:	No
Bug Depends on:	618452
Bug Blocks:

Description Agostino Sarubbo gentoo-dev

2017-05-09 18:18:44 UTC

Details at $URL.



@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.

Comment 1 Yury German Gentoo Infrastructure

2017-05-10 03:52:14 UTC

VE ID: CVE-2017-7742
   Summary: In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
 Published: 2017-04-12T18:59:00.000Z

Comment 2 Agostino Sarubbo gentoo-dev

2017-05-10 09:34:17 UTC

amd64 stable

Comment 3 Jeroen Roovers (RETIRED) gentoo-dev

2017-05-10 13:55:42 UTC

Stable for HPPA.

Comment 4 Agostino Sarubbo gentoo-dev

2017-05-10 15:46:09 UTC

x86 stable

Comment 5 Agostino Sarubbo gentoo-dev

2017-05-12 14:58:12 UTC

sparc stable

Comment 6 Tobias Klausmann (RETIRED) gentoo-dev

2017-05-12 18:00:11 UTC

Stable on alpha.

Comment 7 Michael Weber (RETIRED) gentoo-dev

2017-05-15 20:16:08 UTC

ppc ppc64 stable.

Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev

2017-05-19 22:30:23 UTC

ia64 stable

Comment 9 Yury German Gentoo Infrastructure

2017-05-21 07:40:28 UTC

Remaining arches are not part of security supported architectures, proceeding with security. Arches please stabilize as soon as possible to secure package.

New GLSA Request filed.

Comment 10 Thomas Deutschmann (RETIRED) gentoo-dev

2017-06-03 10:52:41 UTC

Adding additional vulnerabilities to this bug which were also addressed in =media-libs/libsndfile-1.0.28.

Comment 11 GLSAMaker/CVETool Bot gentoo-dev

2017-06-03 10:53:34 UTC

CVE-2017-7586 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7586):
  In libsndfile before 1.0.28, an error in the "header_read()" function
  (common.c) when handling ID3 tags can be exploited to cause a stack-based
  buffer overflow via a specially crafted FLAC file.

CVE-2017-7585 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7585):
  In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function
  (flac.c) can be exploited to cause a stack-based buffer overflow via a
  specially crafted FLAC file.

Comment 12 GLSAMaker/CVETool Bot gentoo-dev

2017-06-03 10:54:33 UTC

CVE-2017-7741 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7741):
  In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function
  (flac.c) can be exploited to cause a segmentation violation (with write
  memory access) via a specially crafted FLAC file during a resample attempt,
  a similar issue to CVE-2017-7585.

Comment 13 David Seifert gentoo-dev

2017-06-08 06:58:07 UTC

@maekke: TESTFAILURE fixed, could you please try again and stabilise arm?

Comment 14 GLSAMaker/CVETool Bot gentoo-dev

2017-07-08 12:34:05 UTC

This issue was resolved and addressed in
 GLSA 201707-04 at https://security.gentoo.org/glsa/201707-04
by GLSA coordinator Thomas Deutschmann (whissi).

Comment 15 Thomas Deutschmann (RETIRED) gentoo-dev

2017-07-08 12:34:58 UTC

Re-opening for arm...

Comment 16 Mikle Kolyada (RETIRED) archtester

2018-03-15 15:23:18 UTC

arm stable

Comment 17 Christopher Díaz Riveros (RETIRED) gentoo-dev

2018-04-08 17:01:20 UTC

All done, thank you all.