Hello community,

here is the log from the commit of package flac for openSUSE:Factory checked in 
at 2014-11-28 08:47:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/flac (Old)
 and      /work/SRC/openSUSE:Factory/.flac.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "flac"

Changes:
--------
--- /work/SRC/openSUSE:Factory/flac/flac.changes        2013-07-01 
15:53:57.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.flac.new/flac.changes   2014-11-28 
08:47:08.000000000 +0100
@@ -1,0 +2,11 @@
+Wed Nov 26 09:56:05 CET 2014 - [email protected]
+
+- A couple of security fixes:
+  * flac-fix-CVE-2014-8962.patch:
+    arbitrary code execution by a stack overflow (CVE-2014-8692,
+    bnc#906831)
+  * flac-fix-CVE-2014-9028.patch:
+    Heap overflow via specially crafted .flac files (CVE-2014-9028,
+    bnc#907016)
+
+-------------------------------------------------------------------
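Review bot: the CVE identifier in the first bullet does not match the patch it describes: the entry reads "CVE-2014-8692" while the patch file is named flac-fix-CVE-2014-8962.patch and the upstream commit says "This is CVE-2014-8962". The description should also follow the upstream subject, which calls this a buffer read overflow rather than a stack overflow; suggested wording: "* flac-fix-CVE-2014-8962.patch: buffer read overflow in the stream decoder (CVE-2014-8962, bnc#906831)".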

New:
----
  flac-fix-CVE-2014-8962.patch
  flac-fix-CVE-2014-9028.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ flac.spec ++++++
--- /var/tmp/diff_new_pack.hbweWs/_old  2014-11-28 08:47:09.000000000 +0100
+++ /var/tmp/diff_new_pack.hbweWs/_new  2014-11-28 08:47:09.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package flac
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -32,6 +32,8 @@
 Patch2:         0001-Allow-use-of-openSSL.patch  
 Patch3:         flac-fix-pkgconfig.patch
 Patch5:         0001-getopt_long-not-broken-here.patch
+Patch6:         flac-fix-CVE-2014-8962.patch
+Patch7:         flac-fix-CVE-2014-9028.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  autoconf >= 2.60
 BuildRequires:  automake >= 1.11
@@ -88,6 +90,8 @@
 %patch2 -p1
 %patch3 -p1
 %patch5 -p1
+%patch6 -p1
+%patch7 -p1
 
 %build
 touch config.rpath

++++++ flac-fix-CVE-2014-8962.patch ++++++
>From 5b3033a2b355068c11fe637e14ac742d273f076e Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <[email protected]>
Date: Tue, 18 Nov 2014 07:20:25 -0800
Subject: [PATCH] src/libFLAC/stream_decoder.c : Fix buffer read overflow.

This is CVE-2014-8962.

Reported-by: Michele Spagnuolo,
             Google Security Team <[email protected]>
---
 src/libFLAC/stream_decoder.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/src/libFLAC/stream_decoder.c
+++ b/src/libFLAC/stream_decoder.c
@@ -71,7 +71,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC
  *
  ***********************************************************************/
 
-static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
+static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
 
 /***********************************************************************
  *
@@ -1381,6 +1381,10 @@ FLAC__bool find_metadata_(FLAC__StreamDe
                        id = 0;
                        continue;
                }
+
+               if(id >= 3)
+                       return false;
+
                if(x == ID3V2_TAG_[id]) {
                        id++;
                        i = 0;
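Review bot: the new guard `if(id >= 3) return false;` hard-codes the length of ID3V2_TAG_, which the earlier hunk declares as a 3-byte array; writing the bound as `if(id >= sizeof(ID3V2_TAG_))` keeps the check and the array size from drifting apart. The placement is right: the guard sits before the `x == ID3V2_TAG_[id]` read, which is the out-of-bounds access the subject line refers to, so `id` can no longer index past the end of the array.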
++++++ flac-fix-CVE-2014-9028.patch ++++++
>From fcf0ba06ae12ccd7c67cee3c8d948df15f946b85 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <[email protected]>
Date: Wed, 19 Nov 2014 19:35:59 -0800
Subject: [PATCH] src/libFACL/stream_decoder.c : Fail safely to avoid a heap 
overflow.

A file provided by the reporters caused the stream decoder to write to
un-allocated heap space resulting in a segfault. The solution is to
error out (by returning false from read_residual_partitioned_rice_())
instead of trying to continue to decode.

Fixes: CVE-2014-9028
Reported-by: Michele Spagnuolo,
             Google Security Team <[email protected]>
---
 src/libFLAC/stream_decoder.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/src/libFLAC/stream_decoder.c
+++ b/src/libFLAC/stream_decoder.c
@@ -2725,7 +2725,8 @@ FLAC__bool read_residual_partitioned_ric
                if(decoder->private_->frame.header.blocksize < predictor_order) 
{
                        send_error_to_client_(decoder, 
FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC);
                        decoder->protected_->state = 
FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
-                       return true;
+                       /* We have received a potentially malicious bt stream. 
All we can do is error out to avoid a heap overflow. */
+                       return false;
                }
        }
        else {
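Review bot: the added comment reads "potentially malicious bt stream"; "bt" should be "bit". On the substance, the change is consistent with the commit message: the `blocksize < predictor_order` branch still reports LOST_SYNC to the client and sets SEARCH_FOR_FRAME_SYNC, but now returns false so that read_residual_partitioned_rice_ fails instead of continuing to decode with an invalid predictor order. It would help future readers to say in the comment why resync is no longer attempted here (continuing leads to the heap write described in the commit message).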
-- 