Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 537422 (CVE-2014-9638, CVE-2014-9639, CVE-2014-9640) - <media-sound/vorbis-tools-1.4.0-r5: multiple vulnerabilities (CVE-2014-{9638,9639,9640})
Summary: <media-sound/vorbis-tools-1.4.0-r5: multiple vulnerabilities (CVE-2014-{9638,...
Status: RESOLVED FIXED
Alias: CVE-2014-9638, CVE-2014-9639, CVE-2014-9640
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks: CVE-2017-11331
  Show dependency tree
 
Reported: 2015-01-23 08:53 UTC by Agostino Sarubbo
Modified: 2018-11-24 23:00 UTC (History)
1 user (show)

See Also:
Package list:
media-sound/vorbis-tools-1.4.0-r5
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-01-23 08:53:27 UTC
From ${URL} :

Two issues were reported in vorbis-tools on Full Disclosure:

http://seclists.org/fulldisclosure/2015/Jan/78

Issues in question:

https://trac.xiph.org/ticket/2137
-- a divide-by-zero issue leading to a crash

https://trac.xiph.org/ticket/2136
-- an integer overflow leading to an out-of-bounds memory read

In addition:
https://trac.xiph.org/ticket/2009


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2015-02-13 18:11:32 UTC
CVE-2014-9640 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9640):
  oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a
  denial of service (out-of-bounds read) via a crafted raw file.

CVE-2014-9639 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9639):
  Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to
  cause a denial of service (crash) via a crafted number of channels in a WAV
  file, which triggers an out-of-bounds memory access.

CVE-2014-9638 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9638):
  oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of
  service (divide-by-zero error and crash) via a WAV file with the number of
  channels set to zero.
Comment 2 Thomas Deutschmann gentoo-dev Security 2017-01-21 14:49:29 UTC
Upstream patch for https://trac.xiph.org/ticket/2136 (CVE-2014-9639) and
https://trac.xiph.org/ticket/2137 (CVE-2014-9638):

https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e


Upstream patch for https://trac.xiph.org/ticket/2009 (CVE-2014-9640) https://trac.xiph.org/changeset/19117


@ Maintainer(s): No new upstream release for years. Please rev bump and cherry-pick!
Comment 3 Andreas Sturmlechner gentoo-dev 2018-06-10 10:44:53 UTC
If no one else is doing it...
Comment 4 Thomas Deutschmann gentoo-dev Security 2018-06-10 18:50:47 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2018-06-11 07:35:54 UTC
amd64 stable
Comment 6 Larry the Git Cow gentoo-dev 2018-06-11 10:52:07 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2dfc5ae242f93ece77c3a3c9521b8425f9412315

commit 2dfc5ae242f93ece77c3a3c9521b8425f9412315
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-11 10:51:42 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-11 10:52:01 +0000

    media-sound/vorbis-tools: stable 1.4.0-r5 for ia64, bug #537422
    
    Bug: https://bugs.gentoo.org/537422
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 media-sound/vorbis-tools/vorbis-tools-1.4.0-r5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 7 Larry the Git Cow gentoo-dev 2018-06-12 20:48:17 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db2d2ab2036eb73c74b9558c528bfa35653f7644

commit db2d2ab2036eb73c74b9558c528bfa35653f7644
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-06-12 18:49:15 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-12 20:47:54 +0000

    media-sound/vorbis-tools: stable 1.4.0-r5 for sparc
    
    Bug: https://bugs.gentoo.org/537422
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"

 media-sound/vorbis-tools/vorbis-tools-1.4.0-r5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 8 Tobias Klausmann gentoo-dev 2018-06-21 07:27:47 UTC
Stable on alpha.
Comment 9 Larry the Git Cow gentoo-dev 2018-06-24 20:22:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9afc87376c3585285280d6fb4825bb42a00d24d0

commit 9afc87376c3585285280d6fb4825bb42a00d24d0
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-24 19:46:37 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-24 20:20:18 +0000

    media-sound/vorbis-tools: stable 1.4.0-r5 for ppc64, bug #537422
    
    Bug: https://bugs.gentoo.org/537422
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc64"

 media-sound/vorbis-tools/vorbis-tools-1.4.0-r5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 10 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-06-26 15:41:59 UTC
arm stable
Comment 11 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-07-12 00:07:06 UTC
ppc stable
Comment 12 Larry the Git Cow gentoo-dev 2018-07-15 23:45:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7e4925d1c1aa39bacd24a5f575d21e2a08dcc02d

commit 7e4925d1c1aa39bacd24a5f575d21e2a08dcc02d
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-07-15 23:32:38 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-07-15 23:45:27 +0000

    media-sound/vorbis-tools: Cleanup vulnerable
    
    Bug: https://bugs.gentoo.org/537422
    Package-Manager: Portage-2.3.42, Repoman-2.3.9

 .../vorbis-tools/vorbis-tools-1.4.0-r3.ebuild      | 45 ----------------------
 1 file changed, 45 deletions(-)
Comment 13 Andreas Sturmlechner gentoo-dev 2018-08-22 19:43:23 UTC
ping sec...
Comment 14 Andreas Sturmlechner gentoo-dev 2018-09-14 18:04:10 UTC
...well, package maintainers are done, here, anyway...
Comment 15 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-11-24 23:00:10 UTC
All I see are DoS' here...

tree is clean.