Bugzilla – Bug 387731
VUL-0: libid3tag overflow
Last modified: 2018-03-18 14:10:58 UTC
Theres a buffer overflow in libid3tag which gentoo is going to announce. Patch etc is here: http://bugs.gentoo.org/show_bug.cgi?id=210564
====================================================== Name: CVE-2008-2109 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2109 Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=210564 Reference: MLIST:[mad-dev] 20080112 Initite loop bug in libid3tag-0.15.0b Reference: URL:http://www.mars.org/mailman/public/mad-dev/2008-January/001366.html field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop.
The fixed packages are submitted now. Tested on 11.0b2. Do I need to create patchinfo, or would you security team do?
One of the security team members will do it as soon as possible. (acutally)
OK, reassigned to security team, then. Thanks.
IMO this is not a security issue after all. The id3 tag parser runs into an endless of small allocations. It will eventually stop or get killed due to oom. This might be annoying but unless we have a server designed to handle arbitrary mp3 I'd not call this a security issue but just a regular bug. On SLE10 for example there isn't even an application we ship that uses libid3tag AFAICS. So we can skip this update from a security PoV.
yes, I agree. Takashi, you can remove the submissions for the old prodxucts again
Done. Fixed only on STABLE now.
So, if STABLE is sufficient, this bug can be closed.
well, then just do it
CVE-2008-2109: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
SUSE-SU-2018:0715-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1081959,1081961,1081962,387731 CVE References: CVE-2004-2779,CVE-2008-2109,CVE-2017-11550,CVE-2017-11551 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): libid3tag-0.15.1b-132.3.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): libid3tag-0.15.1b-132.3.1
SUSE-SU-2018:0722-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1081959,1081961,1081962,387731 CVE References: CVE-2004-2779,CVE-2008-2109,CVE-2017-11550,CVE-2017-11551 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP3 (src): libid3tag-0.15.1b-184.3.1 SUSE Linux Enterprise Workstation Extension 12-SP2 (src): libid3tag-0.15.1b-184.3.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): libid3tag-0.15.1b-184.3.1 SUSE Linux Enterprise Software Development Kit 12-SP2 (src): libid3tag-0.15.1b-184.3.1 SUSE Linux Enterprise Desktop 12-SP3 (src): libid3tag-0.15.1b-184.3.1 SUSE Linux Enterprise Desktop 12-SP2 (src): libid3tag-0.15.1b-184.3.1
openSUSE-SU-2018:0735-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1081959,1081961,1081962,387731 CVE References: CVE-2004-2779,CVE-2008-2109,CVE-2017-11550,CVE-2017-11551 Sources used: openSUSE Leap 42.3 (src): libid3tag-0.15.1b-188.3.1