diff options
| author | Ross Burton <ross.burton@intel.com> | 2019-03-05 16:29:59 +0000 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-03-06 10:39:25 +0000 |
| commit | 1cbf28ba2c17f32a63da5f0545994e477c1e8c5a (patch) | |
| tree | 7802d51e5824a53d90b1f3c500a8ecd4ec5066f0 /meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch | |
| parent | 6c1a511e08628f68ebb2c4e78d6d44affb465e24 (diff) | |
| download | poky-1cbf28ba2c17f32a63da5f0545994e477c1e8c5a.tar.gz | |
libsndfile1: update security patches
Remove CVE-2017-14245-14246.patch, fix rejected upstream as it doesn't solve the
underlying issue.
Instead 0001-a-ulaw-fix-multiple-buffer-overflows-432 also solves CVE-2017-14245
and CVE-2017-14246 properly.
Add patches for CVE-2017-12562 and CVE-2018-19758.
Refresh CVE-2018-13139.patch.
(From OE-Core rev: a5625df8031985e9c60c34068a4a01c36da40eec)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch')
| -rw-r--r-- | meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch new file mode 100644 index 0000000000..c3586f9dfc --- /dev/null +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch | |||
| @@ -0,0 +1,34 @@ | |||
| 1 | There is a heap-based buffer over-read at wav.c in wav_write_header in | ||
| 2 | libsndfile 1.0.28 that will cause a denial of service. | ||
| 3 | |||
| 4 | CVE: CVE-2018-19758 | ||
| 5 | Upstream-Status: Backport [42132c543358cee9f7c3e9e9b15bb6c1063a608e] | ||
| 6 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
| 7 | |||
| 8 | From c12173b0197dd0c5cfa2cd27977e982d2ae59486 Mon Sep 17 00:00:00 2001 | ||
| 9 | From: Erik de Castro Lopo <erikd@mega-nerd.com> | ||
| 10 | Date: Tue, 1 Jan 2019 20:11:46 +1100 | ||
| 11 | Subject: [PATCH] src/wav.c: Fix heap read overflow | ||
| 12 | |||
| 13 | This is CVE-2018-19758. | ||
| 14 | |||
| 15 | Closes: https://github.com/erikd/libsndfile/issues/435 | ||
| 16 | --- | ||
| 17 | src/wav.c | 2 ++ | ||
| 18 | 1 file changed, 2 insertions(+) | ||
| 19 | |||
| 20 | diff --git a/src/wav.c b/src/wav.c | ||
| 21 | index e8405b55..6fb94ae8 100644 | ||
| 22 | --- a/src/wav.c | ||
| 23 | +++ b/src/wav.c | ||
| 24 | @@ -1094,6 +1094,8 @@ wav_write_header (SF_PRIVATE *psf, int calc_length) | ||
| 25 | psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */ | ||
| 26 | psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ; | ||
| 27 | |||
| 28 | + /* Loop count is signed 16 bit number so we limit it range to something sensible. */ | ||
| 29 | + psf->instrument->loop_count &= 0x7fff ; | ||
| 30 | for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++) | ||
| 31 | { int type ; | ||
| 32 | |||
| 33 | -- | ||
| 34 | 2.11.0 | ||