This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 1291103 - fix for CVE-2015-7805 unclear
fix for CVE-2015-7805 unclear
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: libsndfile (Show other bugs)
23
x86_64 Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Andreas Thienemann
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-13 17:41 EST by Lasse Kliemann
Modified: 2016-02-16 20:23 EST (History)
2 users (show)

See Also:
Fixed In Version: libsndfile-1.0.25-18.fc23 libsndfile-1.0.25-18.fc22 libsndfile-1.0.17-8.el5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-20 01:52:39 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lasse Kliemann 2015-12-13 17:41:04 EST
Description of problem:
As per <https://bodhi.fedoraproject.org/updates/FEDORA-2015-5afed1aad2>, a fix for CVE-2015-7805 was provided for stable on 2015-11-13, release 17.fc23.

As per 'dnf info libsndfile', I have this version installed here on my FC23 machine. However, the demo from <https://packetstormsecurity.com/files/133926/libsndfile-1.0.25-Heap-Overflow.html> still makes audacity crash.

Version-Release number of selected component (if applicable):
FC23 and libsndfile 1.0.25 17.fc23.

How reproducible:
Run the Perl script from <https://packetstormsecurity.com/files/133926/libsndfile-1.0.25-Heap-Overflow.html> and call 'audacity nemux.aiff'.

Actual results:
Segmentation fault.

Expected results:
Audacity should start. I tested this on an Ubuntu-based distribution.
Comment 1 Michal Hlavinka 2015-12-16 12:24:44 EST
You are right, that patch was incomplete.
Comment 2 Fedora Update System 2015-12-17 05:55:45 EST
libsndfile-1.0.25-18.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-71b291686c
Comment 3 Fedora Update System 2015-12-17 05:55:47 EST
libsndfile-1.0.17-8.el5 has been submitted as an update to Fedora EPEL 5. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-d1309b0eb2
Comment 4 Fedora Update System 2015-12-17 05:55:57 EST
libsndfile-1.0.25-18.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-0be7a2e1b8
Comment 5 Fedora Update System 2015-12-18 05:19:24 EST
libsndfile-1.0.17-8.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'yum --enablerepo=epel-testing update libsndfile'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-d1309b0eb2
Comment 6 Fedora Update System 2015-12-18 06:27:21 EST
libsndfile-1.0.25-18.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update libsndfile'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-0be7a2e1b8
Comment 7 Fedora Update System 2015-12-18 06:56:02 EST
libsndfile-1.0.25-18.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update libsndfile'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-71b291686c
Comment 8 Fedora Update System 2015-12-20 01:52:27 EST
libsndfile-1.0.25-18.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2016-01-21 22:19:26 EST
libsndfile-1.0.25-18.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2016-02-16 20:22:51 EST
libsndfile-1.0.17-8.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.