https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/
https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/
https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/
https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/
CVE-2017-8365 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8365):
The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.

CVE-2017-8363 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8363):
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.

CVE-2017-8362 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8362):
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.

CVE-2017-8361 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8361):
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b8fc21b710b18e21dfba9506f666ec18744a3e64

commit b8fc21b710b18e21dfba9506f666ec18744a3e64
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-10-03 19:16:17 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-10-03 19:22:05 +0000

    media-libs/libsndfile: Fix multiple vulnerabilities

    Bug: https://bugs.gentoo.org/618016
    Bug: https://bugs.gentoo.org/631634
    Bug: https://bugs.gentoo.org/624814
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
    Package-Manager: Portage-2.3.50, Repoman-2.3.11

 .../files/libsndfile-1.0.28-CVE-2017-14634.patch   | 35 +++++++++++
 .../files/libsndfile-1.0.28-CVE-2017-6892.patch    | 25 ++++++++
 .../files/libsndfile-1.0.28-CVE-2017-8362.patch    | 50 ++++++++++++++++
 .../files/libsndfile-1.0.28-CVE-2017-8363.patch    | 28 +++++++++
 .../files/libsndfile-1.0.28-CVE-2017-8365.patch    | 64 ++++++++++++++++++++
 .../files/libsndfile-1.0.28-CVE-2018-13139.patch   |  2 +-
 media-libs/libsndfile/libsndfile-1.0.28-r4.ebuild  | 70 ++++++++++++++++++++++
 7 files changed, 273 insertions(+), 1 deletion(-)
An automated check of this bug failed - the following atom is unknown:
<media-libs/libsndfile-1.0.28-r4
Please verify the atom list.
amd64 stable
ia64 stable
x86 stable
ppc/ppc64 stable
hppa stable
Stable on alpha.
arm stable
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3fa1d3aa440927c9b17c5ff3fc5bc1a5909880bf

commit 3fa1d3aa440927c9b17c5ff3fc5bc1a5909880bf
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-11-04 22:49:02 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-11-04 22:50:43 +0000

    media-libs/libsndfile: Security cleanup

    Bug: https://bugs.gentoo.org/618016
    Package-Manager: Portage-2.3.51, Repoman-2.3.12
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 media-libs/libsndfile/libsndfile-1.0.28-r3.ebuild | 67 -----------------------
 1 file changed, 67 deletions(-)
sparc stable
This issue was resolved and addressed in GLSA 201811-23 at https://security.gentoo.org/glsa/201811-23 by GLSA coordinator Aaron Bauman (b-man).