Bug 634814 (CVE-2017-15642) - <media-sound/sox-14.4.2-r1: Use-After-Free vulnerability when given a malformed AIFF file
Status: RESOLVED FIXED
Alias: CVE-2017-15642
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B3 [glsa+ cve]
Blocks: CVE-2017-11332, CVE-2017-11359, CVE-2017-11358, CVE-2017-15370, CVE-2017-15371, CVE-2017-15372
Reported: 2017-10-19 20:12 UTC by Aleksandr Wagner (Kivak)
Modified: 2018-10-06 17:01 UTC

Package list:
media-sound/sox-14.4.2-r1
Runtime testing required: ---
bman: sanity-check+


Description Aleksandr Wagner (Kivak) 2017-10-19 20:12:56 UTC
CVE-2017-15642 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15642):

In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. 

References:

https://sourceforge.net/p/sox/bugs/298/
Comment 1 Larry the Git Cow gentoo-dev 2018-06-11 00:04:37 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ab144c7631ebe685ffec603e48824403fcd00cdd

commit ab144c7631ebe685ffec603e48824403fcd00cdd
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-06-10 23:45:11 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-06-11 00:04:20 +0000

    media-sound/sox: A truckload of security
    
    Kindly provided by Debian packaging...
    
    Bug: https://bugs.gentoo.org/627570
    Bug: https://bugs.gentoo.org/626702
    Bug: https://bugs.gentoo.org/634814
    Bug: https://bugs.gentoo.org/634450
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 .../sox/files/sox-14.4.2-CVE-2017-11332.patch      | 25 ++++++
 .../sox/files/sox-14.4.2-CVE-2017-11333.patch      | 43 ++++++++++
 .../sox/files/sox-14.4.2-CVE-2017-11358.patch      | 26 ++++++
 .../sox/files/sox-14.4.2-CVE-2017-11359.patch      | 27 ++++++
 .../sox/files/sox-14.4.2-CVE-2017-15370.patch      | 25 ++++++
 .../sox/files/sox-14.4.2-CVE-2017-15371.patch      | 37 +++++++++
 .../sox/files/sox-14.4.2-CVE-2017-15372.patch      | 97 ++++++++++++++++++++++
 .../sox/files/sox-14.4.2-CVE-2017-15642.patch      | 28 +++++++
 .../sox/files/sox-14.4.2-CVE-2017-18189.patch      | 30 +++++++
 .../sox-14.4.2-wavpack-chk-errors-on-init.patch    | 35 ++++++++
 media-sound/sox/sox-14.4.2-r1.ebuild               | 13 +++
 11 files changed, 386 insertions(+)
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-06-11 14:47:24 UTC
@arches, please stabilize.
Comment 3 Larry the Git Cow gentoo-dev 2018-06-12 08:43:56 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2e5bf40bb79312c0aaa30843ad0a133de80a93ea

commit 2e5bf40bb79312c0aaa30843ad0a133de80a93ea
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-12 08:43:23 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-12 08:43:23 +0000

    media-sound/sox: stable 14.4.2-r1 for ia64, bug #634814
    
    Bug: https://bugs.gentoo.org/634814
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 media-sound/sox/sox-14.4.2-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 4 Thomas Deutschmann gentoo-dev Security 2018-06-12 11:38:37 UTC
x86 stable
Comment 5 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-06-12 18:22:09 UTC
amd64 stable
Comment 6 Larry the Git Cow gentoo-dev 2018-06-19 19:12:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9474d0899140c81d71658a962e7526d4aa6a6b42

commit 9474d0899140c81d71658a962e7526d4aa6a6b42
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-06-19 05:44:24 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-19 19:12:42 +0000

    media-sound/sox: stable 14.4.2-r1 for sparc
    
    Bug: https://bugs.gentoo.org/634814
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="sparc"

 media-sound/sox/sox-14.4.2-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 7 Tobias Klausmann gentoo-dev 2018-06-21 07:28:04 UTC
Stable on alpha.
Comment 8 Larry the Git Cow gentoo-dev 2018-06-24 20:21:45 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e83a0fd8582c1c65d42d6f2ab4950dff08b64e64

commit e83a0fd8582c1c65d42d6f2ab4950dff08b64e64
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-24 19:46:51 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-24 20:20:19 +0000

    media-sound/sox: stable 14.4.2-r1 for ppc64, bug #634814
    
    Bug: https://bugs.gentoo.org/634814
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc64"

 media-sound/sox/sox-14.4.2-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 9 Markus Meier gentoo-dev 2018-07-07 10:44:28 UTC
arm stable
Comment 10 ernsteiswuerfel 2018-07-08 20:07:02 UTC
Looking good on ppc.

T800 ~/tatt # cat sox-634814.report 
USE tests started on So 8. Jul 19:44:59 CEST 2018

USE='-alsa -amr ao -encode -flac id3tag ladspa mad -ogg -openmp opus oss -png -pulseaudio -sndfile static-libs -twolame -wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE tests started on So 8. Jul 19:56:29 CEST 2018

USE='-alsa -amr ao -encode -flac id3tag ladspa mad -ogg -openmp opus oss -png -pulseaudio -sndfile static-libs -twolame -wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='alsa -amr ao encode flac id3tag ladspa mad -ogg -openmp opus -oss png -pulseaudio sndfile static-libs -twolame -wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='-alsa amr -ao -encode flac id3tag -ladspa mad -ogg openmp -opus oss png -pulseaudio -sndfile static-libs twolame -wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='-alsa amr ao -encode -flac -id3tag ladspa -mad ogg -openmp -opus oss png -pulseaudio sndfile static-libs twolame -wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='-alsa amr -ao encode -flac -id3tag ladspa mad ogg -openmp -opus oss -png pulseaudio -sndfile -static-libs -twolame wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='alsa -amr -ao encode -flac id3tag ladspa -mad -ogg -openmp -opus oss png -pulseaudio sndfile -static-libs -twolame wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='-alsa -amr -ao -encode -flac -id3tag ladspa mad -ogg openmp -opus -oss -png pulseaudio -sndfile static-libs -twolame wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='alsa amr -ao encode -flac id3tag -ladspa -mad -ogg openmp opus -oss png -pulseaudio -sndfile -static-libs twolame wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='-alsa -amr -ao encode -flac -id3tag ladspa -mad -ogg openmp -opus oss png -pulseaudio sndfile -static-libs twolame wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='alsa -amr ao encode -flac -id3tag ladspa mad ogg openmp opus -oss -png pulseaudio sndfile -static-libs twolame wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='-alsa -amr ao encode -flac -id3tag ladspa -mad -ogg openmp opus oss -png -pulseaudio -sndfile static-libs twolame wavpack'  succeeded for =media-sound/sox-14.4.2-r1
USE='alsa -amr -ao -encode -flac id3tag -ladspa -mad ogg openmp opus oss -png -pulseaudio -sndfile static-libs twolame wavpack'  succeeded for =media-sound/sox-14.4.2-r1
 FEATURES= test succeeded for =media-sound/sox-14.4.2-r1

revdep tests started on So 8. Jul 21:19:02 CEST 2018

FEATURES= test USE='vorbis' succeeded for app-cdr/graveman
FEATURES= test USE='sox' succeeded for media-video/kino
FEATURES= test USE='' succeeded for app-cdr/burncdda
FEATURES= test USE='' succeeded for app-accessibility/festival-freebsoft-utils
FEATURES= test USE='' succeeded for app-accessibility/espeak
Comment 11 Sergei Trofimovich gentoo-dev 2018-08-05 20:40:32 UTC
ppc stable. Thanks to ernsteiswuerfel!
Comment 12 Larry the Git Cow gentoo-dev 2018-08-25 21:30:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=826b1d1d564a2d653cbb7083fc2027caecc2b89a

commit 826b1d1d564a2d653cbb7083fc2027caecc2b89a
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-08-22 19:42:11 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-08-25 21:29:52 +0000

    media-sound/sox: Cleanup vulnerable
    
    Bug: https://bugs.gentoo.org/634814
    Package-Manager: Portage-2.3.48, Repoman-2.3.10

 media-sound/sox/sox-14.4.2.ebuild | 76 ---------------------------------------
 1 file changed, 76 deletions(-)
Comment 13 Andreas Sturmlechner gentoo-dev 2018-09-14 19:53:34 UTC
sound is done here, anyway...
Comment 14 Yury German Gentoo Infrastructure gentoo-dev Security 2018-09-30 21:41:17 UTC
Arches and Maintainer(s). Thank you for your work.

GLSA Vote: Yes
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2018-10-06 17:01:58 UTC
This issue was resolved and addressed in
 GLSA 201810-02 at https://security.gentoo.org/glsa/201810-02
by GLSA coordinator Aaron Bauman (b-man).