
Fedora: 28 sox Update Resolves Division by Zero Errors and Fixes

fedora
July 27, 2018
This patch resolves various vulnerabilities in the sox application for Fedora, improving its performance and reliability.
Fixes **CVE-2017-11332**, **CVE-2017-11358**, and **CVE-2017-11359**

Summary

SoX (Sound eXchange) is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects.

Fixes **CVE-2017-11332**, **CVE-2017-11358**, and **CVE-2017-11359**.

----

**Prevents division by zero in `src/ao.c`**

This bug is hard to reproduce, depending on the HW configuration or installed OS parts. For me, it can be reproduced only in `mock`. In this update, an error message should be displayed instead of SIGFPE.

* Wed Jun 6 2018 Jiri Kucera - 14.4.2.0-22
- added patch that fixes:
  + "divide by zero in startread function in wav.c" (CVE-2017-11332)
  + "invalid memory read in read_samples function in hcom.c" (CVE-2017-11358)
  + "divide by zero in wavwritehdr function in wav.c" (CVE-2017-11359)
- resolves #1480674, #1480675, #1480676, and #1480678

* Sat Jun 2 2018 Jiri Kucera - 14.4.2.0-21
- fix hunks in patches
- prevents division by zero in src/ao.c
  + fixes/prevents "sox killed by SIGFPE (signal 8)" kind of bugs that appear randomly, depending on reporter's HW/environment/OS components
  + related bugs: #1309426, #1226675, #1540762, #1492910

[ 1 ] Bug #1480678 - CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 sox: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1480678

[ 2 ] Bug #1226675 - [abrt] sox: startwrite(): sox killed by SIGFPE
https://bugzilla.redhat.com/show_bug.cgi?id=1226675

Use su -c 'dnf upgrade --advisory FEDORA-2018-57a9f93beb' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
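After the upgrade, the package changelog can confirm that the installed build carries the fixes. The following is an added example, not part of the Fedora advisory: it scans changelog text on stdin for the three CVE ids listed above. The function names `missing_cves` and `check` are hypothetical, and the sample text is constructed from the changelog quoted in this advisory.

```shell
#!/bin/sh
# Added example: report which CVE ids from this advisory are absent from an
# RPM changelog read on stdin (on a Fedora host: rpm -q --changelog sox).

ADVISORY_CVES="CVE-2017-11332 CVE-2017-11358 CVE-2017-11359"

# missing_cves (hypothetical name): prints the advisory CVE ids not found in
# the changelog text on stdin, space-separated; prints nothing if all present.
missing_cves() {
    changelog=$(cat)
    missing=""
    for cve in $ADVISORY_CVES; do
        # -F: fixed string; -w: whole word, so CVE-2017-113320 does not match
        if ! printf '%s\n' "$changelog" | grep -qwF -- "$cve"; then
            missing="${missing:+$missing }$cve"
        fi
    done
    printf '%s' "$missing"
}

# Constructed sample: the 14.4.2.0-22 entry as quoted in this advisory.
SAMPLE_FIXED='* Wed Jun 6 2018 Jiri Kucera - 14.4.2.0-22
- added patch that fixes:
  + "divide by zero in startread function in wav.c" (CVE-2017-11332)
  + "invalid memory read in read_samples function in hcom.c" (CVE-2017-11358)
  + "divide by zero in wavwritehdr function in wav.c" (CVE-2017-11359)'

# Constructed sample: a changelog that stops at the earlier 14.4.2.0-21 build.
SAMPLE_OLD='* Sat Jun 2 2018 Jiri Kucera - 14.4.2.0-21
- fix hunks in patches
- prevents division by zero in src/ao.c'

# check (hypothetical name): $1 = label, changelog on stdin
check() {
    m=$(missing_cves)
    if [ -z "$m" ]; then echo "$1: all advisory CVEs listed"
    else echo "$1: NOT listed: $m"; fi
}

printf '%s\n' "$SAMPLE_FIXED" | check "14.4.2.0-22"
printf '%s\n' "$SAMPLE_OLD"   | check "14.4.2.0-21"
```

On a Fedora host, `rpm -q --changelog sox | missing_cves` runs the same check against the installed package.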


List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JA2AXBEF6CS2T4CZB4KAMGUXVAQDJEBR/


Severity: important

Product: Fedora 28
Version: 14.4.2.0
Release: 22.fc28
Summary: A general purpose sound file conversion tool
