Details: https://nvd.nist.gov/vuln/detail/CVE-2017-18189
Pick the patch that was identified by Debian[1] as the solution. [1]: https://security-tracker.debian.org/tracker/CVE-2017-18189 Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../sox/sox/CVE-2017-18189.patch | 34 +++++++++++++++++++ .../recipes-multimedia/sox/sox_14.4.2.bb | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch new file mode 100644 index 0000000000..3ca829b230 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch @@ -0,0 +1,34 @@ +From c9e266bc77952c873a28ae320dac2eae5cbc9934 Mon Sep 17 00:00:00 2001 +From: Mans Rullgard <[email protected]> +Date: Thu, 9 Nov 2017 11:45:10 +0000 +Subject: [PATCH] xa: validate channel count + +A corrupt header specifying zero channels would send read_channels() +into an infinite loop. Prevent this by sanity checking the channel +count in open_read(). Also add an upper bound to prevent overflow +in multiplication. + +CVE: CVE-2017-18189 +Upstream-Status: Backport [https://github.com/mansr/sox/commit/7a8ceb86212b28243bbb6d0de636f0dfbe833e53] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + src/xa.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/xa.c b/src/xa.c +index 81a7677..9fc086e 100644 +--- a/src/xa.c ++++ b/src/xa.c +@@ -143,6 +143,12 @@ static int startread(sox_format_t * ft) + lsx_report("User options overriding rate read in .xa header"); + } + ++ if (ft->signal.channels == 0 || ft->signal.channels > UINT16_MAX) { ++ lsx_fail_errno(ft, SOX_EFMT, "invalid channel count %d", ++ ft->signal.channels); ++ return SOX_EOF; ++ } ++ + /* Check for supported formats */ + if (ft->encoding.bits_per_sample != 16) { + lsx_fail_errno(ft, SOX_EFMT, "%d-bit sample resolution not supported.", diff --git a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb index d49ac822b4..8606eb6c0f 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb +++ b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb @@ -37,6 +37,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \ file://CVE-2017-15371.patch \ file://CVE-2017-15372.patch \ file://CVE-2017-15642.patch \ + file://CVE-2017-18189.patch \ " SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33" SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123885): https://lists.openembedded.org/g/openembedded-devel/message/123885 Mute This Topic: https://lists.openembedded.org/mt/117467446/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
