Bug 1033915 - (CVE-2017-7741) VUL-0: CVE-2017-7741: libsndfile: versions before 1.0.28 have write memory access issue on function flac_buffer_copy()
(CVE-2017-7741)
VUL-0: CVE-2017-7741: libsndfile: versions before 1.0.28 have write memory ac...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/183559/
CVSSv2:SUSE:CVE-2017-7741:6.8:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-04-13 05:51 UTC by Victor Pereira
Modified: 2018-10-04 22:45 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2017-04-13 05:51:29 UTC
CVE-2017-7741

In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function
(flac.c) can be exploited to cause a segmentation violation (with write memory
access) via a specially crafted FLAC file during a resample attempt, a similar
issue to CVE-2017-7585.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7741
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7741.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7741
http://www.cvedetails.com/cve/CVE-2017-7741/
https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/
Comment 1 Takashi Iwai 2017-04-13 08:41:36 UTC
I suppose the fix is identical with CVE-2017-7585?

Do I need to resubmit with the updated changelog?
Comment 2 Marcus Meissner 2017-04-13 08:56:38 UTC
is it the same fix?
Comment 3 Takashi Iwai 2017-04-13 09:00:42 UTC
NVD points to the same commit ID as the fix.
  https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0

And I noticed that bsc#1033054 already mentions three CVE's.
Comment 5 Swamp Workflow Management 2017-04-18 10:11:48 UTC
SUSE-SU-2017:1030-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1033054,1033914,1033915
CVE References: CVE-2017-7585,CVE-2017-7741,CVE-2017-7742
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libsndfile-1.0.20-2.13.1
SUSE Linux Enterprise Server 11-SP4 (src):    libsndfile-1.0.20-2.13.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libsndfile-1.0.20-2.13.1
Comment 6 Swamp Workflow Management 2017-04-18 13:10:20 UTC
SUSE-SU-2017:1040-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1033053,1033054,1033914,1033915
CVE References: CVE-2017-7585,CVE-2017-7586,CVE-2017-7741,CVE-2017-7742
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libsndfile-1.0.25-28.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libsndfile-1.0.25-28.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    libsndfile-1.0.25-28.1
SUSE Linux Enterprise Server 12-SP2 (src):    libsndfile-1.0.25-28.1
SUSE Linux Enterprise Server 12-SP1 (src):    libsndfile-1.0.25-28.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    libsndfile-1.0.25-28.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libsndfile-1.0.25-28.1
Comment 7 Takashi Iwai 2017-04-18 20:11:56 UTC
The fix was submitted to both SLE11 and SLE12.
Reassigned back to security team.
Comment 8 Marcus Meissner 2017-04-24 11:33:01 UTC
released. changes diff queued for potential next update
Comment 9 Swamp Workflow Management 2017-04-26 16:11:43 UTC
openSUSE-SU-2017:1107-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1033053,1033054,1033914,1033915
CVE References: CVE-2017-7585,CVE-2017-7586,CVE-2017-7741,CVE-2017-7742
Sources used:
openSUSE Leap 42.2 (src):    libsndfile-1.0.25-26.3.1, libsndfile-progs-1.0.25-26.3.1
openSUSE Leap 42.1 (src):    libsndfile-1.0.25-27.1, libsndfile-progs-1.0.25-27.1
Comment 12 Swamp Workflow Management 2017-05-10 22:09:44 UTC
SUSE-SU-2017:1236-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1033054,1033914,1033915,1036943,1036944,1036945,1036946
CVE References: CVE-2017-7585,CVE-2017-7741,CVE-2017-7742,CVE-2017-8361,CVE-2017-8362,CVE-2017-8363,CVE-2017-8365
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libsndfile-1.0.20-2.18.1
SUSE Linux Enterprise Server 11-SP4 (src):    libsndfile-1.0.20-2.18.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libsndfile-1.0.20-2.18.1
Comment 14 Swamp Workflow Management 2017-05-17 10:03:23 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2017-05-31.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63616
Comment 15 Swamp Workflow Management 2017-05-22 13:11:10 UTC
SUSE-SU-2017:1367-1: An update that solves 7 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1033054,1033914,1033915,1036943,1036944,1036945,1036946,1038856
CVE References: CVE-2017-7585,CVE-2017-7741,CVE-2017-7742,CVE-2017-8361,CVE-2017-8362,CVE-2017-8363,CVE-2017-8365
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libsndfile-1.0.25-35.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libsndfile-1.0.25-35.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    libsndfile-1.0.25-35.1
SUSE Linux Enterprise Server 12-SP2 (src):    libsndfile-1.0.25-35.1
SUSE Linux Enterprise Server 12-SP1 (src):    libsndfile-1.0.25-35.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    libsndfile-1.0.25-35.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libsndfile-1.0.25-35.1
Comment 16 Swamp Workflow Management 2017-05-28 01:10:03 UTC
openSUSE-SU-2017:1427-1: An update that solves 7 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1033054,1033914,1033915,1036943,1036944,1036945,1036946,1038856
CVE References: CVE-2017-7585,CVE-2017-7741,CVE-2017-7742,CVE-2017-8361,CVE-2017-8362,CVE-2017-8363,CVE-2017-8365
Sources used:
openSUSE Leap 42.2 (src):    libsndfile-1.0.25-26.6.1, libsndfile-progs-1.0.25-26.6.1
Comment 17 Marcus Meissner 2017-06-15 18:56:11 UTC
released