--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-57a9f93beb
2018-07-27 16:46:09.803041
--------------------------------------------------------------------------------

Name        : sox
Product     : Fedora 28
Version     : 14.4.2.0
Release     : 22.fc28
URL         : http://sox.sourceforge.net/
Summary     : A general purpose sound file conversion tool
Description :
SoX (Sound eXchange) is a sound file format converter. SoX can convert
between many different digitized sound formats and perform simple sound
manipulation functions, including sound effects.

--------------------------------------------------------------------------------
Update Information:

Fixes **CVE-2017-11332**, **CVE-2017-11358**, and **CVE-2017-11359**.

----

**Prevents division by zero in `src/ao.c`**

This bug is hard to reproduce, depending on the HW configuration or installed
OS parts. For me, it can be reproduced only in `mock`. In this update, an error
message should be displayed instead of SIGFPE.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 6 2018 Jiri Kucera jkucera@redhat.com - 14.4.2.0-22
- added patch that fixes:
  + "divide by zero in startread function in wav.c" (CVE-2017-11332)
  + "invalid memory read in read_samples function in hcom.c" (CVE-2017-11358)
  + "divide by zero in wavwritehdr function in wav.c" (CVE-2017-11359)
  resolves #1480674, #1480675, #1480676, and #1480678
* Sat Jun 2 2018 Jiri Kucera jkucera@redhat.com - 14.4.2.0-21
- fix hunks in patches
- prevents division by zero in src/ao.c
  + fixes/prevents "sox killed by SIGFPE (signal 8)" kind of bugs that appear
    randomly, depending on reporter's HW/environment/OS components
  + related bugs: #1309426, #1226675, #1540762, #1492910
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1480678 - CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 sox: various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1480678
  [ 2 ] Bug #1226675 - [abrt] sox: startwrite(): sox killed by SIGFPE
        https://bugzilla.redhat.com/show_bug.cgi?id=1226675
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use

    su -c 'dnf upgrade --advisory FEDORA-2018-57a9f93beb'

at the command line. For more information, refer to the dnf documentation
available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------