From 56ab329a053e1efe9d4cdad8483aacd4b0115ea4 Mon Sep 17 00:00:00 2001
From: Michal Hlavinka
Date: Wed, 21 Jun 2017 15:46:33 +0200
Subject: [PATCH] fix buffer overflow in aiff (CVE-2017-6892,rhbz#1463328)
---
 libsndfile-1.0.29-cve2017_6892.patch | 25 +++++++++++++++++++++++++
 libsndfile.spec | 7 ++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 libsndfile-1.0.29-cve2017_6892.patch
diff --git a/libsndfile-1.0.29-cve2017_6892.patch b/libsndfile-1.0.29-cve2017_6892.patch
new file mode 100644
index 0000000..d5ccf72
--- /dev/null
+++ b/libsndfile-1.0.29-cve2017_6892.patch
@@ -0,0 +1,25 @@
+From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo
+Date: Tue, 23 May 2017 20:15:24 +1000
+Subject: [PATCH] src/aiff.c: Fix a buffer read overflow
+
+Secunia Advisory SA76717.
+
+Found by: Laurent Delosieres, Secunia Research at Flexera Software
+---
+ src/aiff.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/aiff.c b/src/aiff.c
+index 5b5f9f53..45864b76 100644
+--- a/src/aiff.c
++++ b/src/aiff.c
+@@ -1759,7 +1759,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, unsigned dword)
+ psf_binheader_readf (psf, "j", dword - bytesread) ;
+
+ if (map_info->channel_map != NULL)
+- { size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
++ { size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
+
+ free (psf->channel_map) ;
+
diff --git a/libsndfile.spec b/libsndfile.spec
index a956c65..5ef482f 100644
--- a/libsndfile.spec
+++ b/libsndfile.spec
@@ -1,7 +1,7 @@
 Summary: Library for reading and writing sound files
 Name: libsndfile
 Version: 1.0.28
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: LGPLv2+ and GPLv2+ and BSD
 Group: System Environment/Libraries
 URL: http://www.mega-nerd.com/libsndfile/
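Review bot: A layout tag whose low 16 bits are smaller than `psf->sf.channels` now leaves `psf->channel_map` silently shorter than the channel count, on the added `chanmap_size` line of the nested src/aiff.c hunk, and nothing there records it. `aiff_read_chanmap` starts before and continues past the hunk, so the allocation and copy that presumably consume `chanmap_size` after the visible `free (psf->channel_map)` are not shown; any code that later treats the map as holding `sf.channels` entries should be checked against the shorter buffer. I would add `/* Copy no more entries than the layout tag declares (layout_tag & 0xffff). */` above the line, and consider discarding the map when the two counts disagree rather than keeping a truncated one. `SF_MIN` here also compares `psf->sf.channels` with a masked value, so the result depends on `channels` already having been validated as positive, which the hunk does not show.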
@@ -10,6 +10,7 @@ Patch0: libsndfile-1.0.25-system-gsm.patch
 Patch1: libsndfile-1.0.25-zerodivfix.patch
 Patch2: revert.patch
 Patch3: libsndfile-1.0.28-flacbufovfl.patch
+Patch4: libsndfile-1.0.29-cve2017_6892.patch
 BuildRequires: alsa-lib-devel
 BuildRequires: flac-devel
 BuildRequires: libogg-devel
@@ -58,6 +59,7 @@ This package contains command line utilities for libsndfile.
 %patch1 -p1 -b .zerodivfix
 %patch2 -p1 -b .revert
 %patch3 -p1 -b .flacbufovfl
+%patch4 -p1 -b .cve2017_6892
 rm -r src/GSM610
 %build
@@ -153,6 +155,9 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
 %changelog
+* Wed Jun 21 2017 Michal Hlavinka - 1.0.28-3
+- fix buffer overflow in aiff (CVE-2017-6892,rhbz#1463328)
+
 * Mon Jun 05 2017 Michal Hlavinka - 1.0.28-2
 - fix flac and pcm buffer overflows (CVE-2017-8361,CVE-2017-8362,CVE-2017-8363,CVE-2017-8365)