audiofile: Multiple security issues from March 2017

Bug #1674005 reported by Jeremy Bicha
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
audiofile (Ubuntu)
Fix Released
Medium
Unassigned
Precise
Fix Released
Medium
Unassigned
Trusty
Fix Released
Medium
Unassigned
Xenial
Fix Released
Medium
Unassigned
Yakkety
Fix Released
Medium
Unassigned

Bug Description

https://security-tracker.debian.org/tracker/source-package/audiofile
http://openwall.com/lists/oss-security/2017/02/26/
https://github.com/mpruett/audiofile/issues/32
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp
https://github.com/mpruett/audiofile/commit/c48e4c6503

Fixed in Debian unstable 0.3.6-4 and synced to zesty.

debdiffs attached for 14.04 LTS and up. For 12.04 LTS, audiofile was in main so someone should probably try to apply the patches there too.

I've done no testing of these packages.

Jeremy Bicha (jbicha)
tags: added: 2015-7747
Jeremy Bicha (jbicha)
tags: added: trusty xenial yakkety
removed: 2015-7747
Revision history for this message
Jeremy Bicha (jbicha) wrote :
description: updated
Revision history for this message
Jeremy Bicha (jbicha) wrote :
Revision history for this message
Jeremy Bicha (jbicha) wrote :
Jeremy Bicha (jbicha)
description: updated
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

ACK on the debdiffs in comments 1, 2 and 3. I'm building them now with a slight change to add a missing CVE. I'll publish them once I've finished backporting to precise and have tested precise and trusty.

Thanks!

Mathew Hodson (mhodson)
Changed in audiofile (Ubuntu):
importance: Undecided → Medium
Changed in audiofile (Ubuntu Precise):
importance: Undecided → Medium
Changed in audiofile (Ubuntu Trusty):
importance: Undecided → Medium
Changed in audiofile (Ubuntu Xenial):
importance: Undecided → Medium
Changed in audiofile (Ubuntu Yakkety):
importance: Undecided → Medium
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package audiofile - 0.3.6-2ubuntu0.16.04.1

---------------
audiofile (0.3.6-2ubuntu0.16.04.1) xenial-security; urgency=high

  * SECURITY UPDATE: multiple vulnerabilities (LP: #1674005)
    - Apply patches from Debian 0.3.6-4:
      + 04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
      + 05_Always-check-the-number-of-coefficients.patch
      + 06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch
      + 07_Check-for-multiplication-overflow-in-sfconvert.patch
      + 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch
      + 09_Actually-fail-when-error-occurs-in-parseFormat.patch
      + 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
    - CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830,
      CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834,
      CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838,
      CVE-2017-6839

 -- Jeremy Bicha <email address hidden> Thu, 16 Mar 2017 21:43:45 +0100

Changed in audiofile (Ubuntu Xenial):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package audiofile - 0.3.3-2ubuntu0.3

---------------
audiofile (0.3.3-2ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: multiple vulnerabilities (LP: #1674005)
    - Apply patches backported from Debian 0.3.6-4:
      + 04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
      + 05_Always-check-the-number-of-coefficients.patch
      + 06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch
      + 07_Check-for-multiplication-overflow-in-sfconvert.patch
      + 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch
      + 09_Actually-fail-when-error-occurs-in-parseFormat.patch
      + 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
    - CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830,
      CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834,
      CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838,
      CVE-2017-6839
  * debian/patches/sfconvert_error_handling.patch: improve sfconvert error
    handling so we can test the reproducers.

 -- Marc Deslauriers <email address hidden> Wed, 22 Mar 2017 10:39:00 -0400

Changed in audiofile (Ubuntu Precise):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package audiofile - 0.3.6-2ubuntu0.14.04.2

---------------
audiofile (0.3.6-2ubuntu0.14.04.2) trusty-security; urgency=high

  * SECURITY UPDATE: multiple vulnerabilities (LP: #1674005)
    - Apply patches from Debian 0.3.6-4:
      + 04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
      + 05_Always-check-the-number-of-coefficients.patch
      + 06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch
      + 07_Check-for-multiplication-overflow-in-sfconvert.patch
      + 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch
      + 09_Actually-fail-when-error-occurs-in-parseFormat.patch
      + 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
    - CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830,
      CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834,
      CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838,
      CVE-2017-6839

 -- Jeremy Bicha <email address hidden> Thu, 16 Mar 2017 21:43:45 +0100

Changed in audiofile (Ubuntu Trusty):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package audiofile - 0.3.6-3ubuntu0.1

---------------
audiofile (0.3.6-3ubuntu0.1) yakkety-security; urgency=high

  * SECURITY UPDATE: multiple vulnerabilities (LP: #1674005)
    - Apply patches from Debian 0.3.6-4:
      + 04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
      + 05_Always-check-the-number-of-coefficients.patch
      + 06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch
      + 07_Check-for-multiplication-overflow-in-sfconvert.patch
      + 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch
      + 09_Actually-fail-when-error-occurs-in-parseFormat.patch
      + 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
    - CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830,
      CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834,
      CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838,
      CVE-2017-6839

 -- Jeremy Bicha <email address hidden> Thu, 16 Mar 2017 21:43:45 +0100

Changed in audiofile (Ubuntu Yakkety):
status: New → Fix Released
Changed in audiofile (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers