Bug 699862 (CVE-2018-10392, CVE-2018-10393)

Summary: <media-libs/libvorbis-1.3.6-r1: multiple vulnerabilities (CVE-2018-{10392,10393})
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: sound
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: A3 [glsa+ cve]
Package list: media-libs/libvorbis-1.3.6-r1
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 631646
Deadline: 2019-12-06

Description GLSAMaker/CVETool Bot gentoo-dev 2019-11-11 18:12:27 UTC
CVE-2018-10392 (https://nvd.nist.gov/vuln/detail/CVE-2018-10392):
  mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate
  the number of channels, which allows remote attackers to cause a denial of
  service (heap-based buffer overflow or over-read) or possibly have
  unspecified other impact via a crafted file.

CVE-2018-10393 (https://nvd.nist.gov/vuln/detail/CVE-2018-10393):
  bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based
  buffer over-read.
Comment 1 Larry the Git Cow gentoo-dev 2019-12-03 00:25:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=733260c31ddf36bc2450e9675eddc93329ab171d

commit 733260c31ddf36bc2450e9675eddc93329ab171d
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-12-03 00:25:04 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-12-03 00:25:19 +0000

    media-libs/libvorbis: security bump
    
    Bug: https://bugs.gentoo.org/631646
    Bug: https://bugs.gentoo.org/699862
    Package-Manager: Portage-2.3.80, Repoman-2.3.19
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 .../files/libvorbis-1.3.6-CVE-2017-14160.patch     | 29 +++++++++++
 .../files/libvorbis-1.3.6-CVE-2018-10392.patch     | 25 +++++++++
 media-libs/libvorbis/libvorbis-1.3.6-r1.ebuild     | 60 ++++++++++++++++++++++
 3 files changed, 114 insertions(+)
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2019-12-03 00:28:20 UTC
Let's wait a few days; the ebuild was migrated from EAPI 5 -> 7.
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-15 15:14:23 UTC
New GLSA request filed.
Comment 4 Rolf Eike Beer archtester 2020-03-16 17:45:30 UTC
sparc stable
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2020-03-16 21:13:55 UTC
This issue was resolved and addressed in
 GLSA 202003-36 at https://security.gentoo.org/glsa/202003-36
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 6 Rolf Eike Beer archtester 2020-03-17 17:45:39 UTC
hppa stable
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-17 18:01:26 UTC
Re-opening for remaining architectures.
Comment 8 Mart Raudsepp gentoo-dev 2020-03-17 19:43:34 UTC
arm64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2020-03-18 08:50:12 UTC
amd64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2020-03-18 09:46:29 UTC
arm stable
Comment 11 Agostino Sarubbo gentoo-dev 2020-03-18 11:12:17 UTC
ppc stable
Comment 12 Agostino Sarubbo gentoo-dev 2020-03-18 11:14:03 UTC
ppc64 stable
Comment 13 Agostino Sarubbo gentoo-dev 2020-03-18 11:17:17 UTC
ia64 stable
Comment 14 Agostino Sarubbo gentoo-dev 2020-03-18 15:22:34 UTC
x86 stable.

Maintainer(s), please clean up.
Comment 15 NATTkA bot gentoo-dev 2020-04-06 15:05:08 UTC
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Comment 16 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-18 02:38:51 UTC
@maintainer(s), ping, please clean up.
Comment 17 Larry the Git Cow gentoo-dev 2020-06-20 01:17:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a47277387474dd88ccd83c1f35247c291c3eb2a

commit 4a47277387474dd88ccd83c1f35247c291c3eb2a
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2020-06-20 01:17:22 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-06-20 01:17:22 +0000

    media-libs/libvorbis: drop vulnerable
    
    Bug: https://bugs.gentoo.org/699862
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 media-libs/libvorbis/libvorbis-1.3.6.ebuild | 39 -----------------------------
 1 file changed, 39 deletions(-)