|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-1: CVE-2018-19432: libsndfile: An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Marcus Meissner <meissner> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | NEW --- | QA Contact: | Security Team bot <security-team> |
| Severity: | Minor | ||
| Priority: | P4 - Low | CC: | meissner, smash_bz |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/219564/ | ||
| Whiteboard: | CVSSv3:SUSE:CVE-2018-19432:5.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | oob_sf_write_int:2257 | ||
|
Description
Marcus Meissner
2018-11-22 07:30:48 UTC
Created attachment 790566 [details]
oob_sf_write_int:2257
QA REPRODUCER:
sndfile-deinterleave oob_sf_write_int:2257
should not segfault.
This isn't really a security matter; it's nothing but a crash of sndfile-deinterleave program, and not a bug in the library itself. That is, it's just a function call with wrong arguments from the specific program. The "fix" in the upstream is to add a check of the channels in sndfile-deinterleave program, and not about the library code. There is another change about the channel check in the library code that I'll take together in anyway, but that's basically a different issue. And actually this is the dup of bug 1100167, CVE-2018-13139. In the previous fix, I seem to have forgotten to patch libsndfile-progs.spec, so the bug still remains, but basically the fix patch is there. I'll resubmit the fix for libsndfile-progs and update the changelog. This is an autogenerated message for OBS integration: This bug (1116993) was mentioned in https://build.opensuse.org/request/show/651387 Factory / libsndfile Reassigned back to security team. This is an autogenerated message for OBS integration: This bug (1116993) was mentioned in https://build.opensuse.org/request/show/651403 Factory / libsndfile SUSE-SU-2021:2615-1: An update that fixes four vulnerabilities is now available. Category: security (critical) Bug References: 1100167,1116993,1117954,1188540 CVE References: CVE-2018-13139,CVE-2018-19432,CVE-2018-19758,CVE-2021-3246 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): libsndfile-1.0.25-36.23.1 SUSE OpenStack Cloud 9 (src): libsndfile-1.0.25-36.23.1 SUSE OpenStack Cloud 8 (src): libsndfile-1.0.25-36.23.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): libsndfile-1.0.25-36.23.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): libsndfile-1.0.25-36.23.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): libsndfile-1.0.25-36.23.1 SUSE Linux Enterprise Server 12-SP5 (src): libsndfile-1.0.25-36.23.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): libsndfile-1.0.25-36.23.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): libsndfile-1.0.25-36.23.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): libsndfile-1.0.25-36.23.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): libsndfile-1.0.25-36.23.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2021:2764-1: An update that fixes four vulnerabilities is now available. Category: security (critical) Bug References: 1100167,1116993,1117954,1188540 CVE References: CVE-2018-13139,CVE-2018-19432,CVE-2018-19758,CVE-2021-3246 JIRA References: Sources used: SUSE Manager Server 4.0 (src): libsndfile-1.0.28-5.12.1 SUSE Manager Retail Branch Server 4.0 (src): libsndfile-1.0.28-5.12.1 SUSE Manager Proxy 4.0 (src): libsndfile-1.0.28-5.12.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): libsndfile-1.0.28-5.12.1 SUSE Linux Enterprise Server for SAP 15 (src): libsndfile-1.0.28-5.12.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): libsndfile-1.0.28-5.12.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): libsndfile-1.0.28-5.12.1 SUSE Linux Enterprise Server 15-LTSS (src): libsndfile-1.0.28-5.12.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src): libsndfile-1.0.28-5.12.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src): libsndfile-1.0.28-5.12.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): libsndfile-1.0.28-5.12.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): libsndfile-1.0.28-5.12.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): libsndfile-1.0.28-5.12.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): libsndfile-1.0.28-5.12.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): libsndfile-1.0.28-5.12.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): libsndfile-1.0.28-5.12.1 SUSE Enterprise Storage 6 (src): libsndfile-1.0.28-5.12.1 SUSE CaaS Platform 4.0 (src): libsndfile-1.0.28-5.12.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. openSUSE-SU-2021:2764-1: An update that fixes four vulnerabilities is now available. Category: security (critical) Bug References: 1100167,1116993,1117954,1188540 CVE References: CVE-2018-13139,CVE-2018-19432,CVE-2018-19758,CVE-2021-3246 JIRA References: Sources used: openSUSE Leap 15.3 (src): libsndfile-1.0.28-5.12.1, libsndfile-progs-1.0.28-5.12.1 openSUSE-SU-2021:1166-1: An update that fixes four vulnerabilities is now available. Category: security (critical) Bug References: 1100167,1116993,1117954,1188540 CVE References: CVE-2018-13139,CVE-2018-19432,CVE-2018-19758,CVE-2021-3246 JIRA References: Sources used: openSUSE Leap 15.2 (src): libsndfile-1.0.28-lp152.6.3.1, libsndfile-progs-1.0.28-lp152.6.3.1 |