Bug 1500570
Summary: | It is a reachable assertion abort in function sox_append_comment(in formats.c:227) that will lead to denial of service attack | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Liu Zhu <fantasy7082> | ||||
Component: | sox | Assignee: | Jiri Kucera <jkucera> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 26 | CC: | felix, fkluknav, hhorak, hobbes1069, psampaio | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | sox-14.4.2.0-14.fc26 sox-14.4.2.0-14.fc27 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2018-01-23 21:17:55 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Liu Zhu
2017-10-11 04:14:46 UTC
There is a related discussion on upstream: https://sourceforge.net/p/sox/mailman/sox-devel/thread/CAG_ZyaD8huzEm9cajDd63z1nGOTVRw%3DY8vPE-t5pHB%3D9XmQ_Xw%40mail.gmail.com/#msg36124536 with a link to the patch that fix this bug: https://bogomips.org/sox.git/patch/?id=818bdd0ccc1e5b6cae742c740c17fd414935cf39 This patch is also in Debian alioth: https://anonscm.debian.org/git/pkg-multimedia/sox.git/plain/debian/patches/0005-CVE-2017-15371.patch Link to commit: https://src.fedoraproject.org/rpms/sox/c/1c345ef4b817366e86ade0792e3ef81e2e84643a?branch=master Also merged with f26 and f27 branches. sox-14.4.2.0-13.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-448444341e sox-14.4.2.0-13.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-6ca3df84ad sox-14.4.2.0-13.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-448444341e sox-14.4.2.0-13.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-6ca3df84ad sox-14.4.2.0-13.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-6ca3df84ad sox-14.4.2.0-14.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-b528f28c59 sox-14.4.2.0-14.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-b26768593c sox-14.4.2.0-13.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-448444341e sox-14.4.2.0-13.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-448444341e sox-14.4.2.0-14.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-b528f28c59 sox-14.4.2.0-14.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-b26768593c sox-14.4.2.0-14.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report. sox-14.4.2.0-14.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. |