953521 – (CVE-2014-9756) VUL-1: CVE-2014-9756: libsndfile DoS/divide-by-zero

Bug 953521 (CVE-2014-9756) - VUL-1: CVE-2014-9756: libsndfile DoS/divide-by-zero

Summary: VUL-1: CVE-2014-9756: libsndfile DoS/divide-by-zero

Status:	RESOLVED FIXED

Alias:	CVE-2014-9756

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/158507/
Whiteboard:	CVSSv2:NVD:CVE-2014-9756:5.0:(AV:N/A...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-11-04 09:28 UTC by Sebastian Krahmer
Modified:	2018-10-19 18:40 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Krahmer 2015-11-04 09:28:32 UTC

A divide by zero can lead to a DoS.

CVE-2014-9756



References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9756
http://seclists.org/oss-sec/2015/q4/218
https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6

Comment 1 Takashi Iwai 2015-11-04 11:53:24 UTC

The fix was submitted to FACTORY, openSUSE 13.1, openSUSE 13.2, openSUSE Leap 42.1, SLE11-SP1, and SLE12.

Comment 2 Bernhard Wiedemann 2015-11-04 12:00:09 UTC

This is an autogenerated message for OBS integration:
This bug (953521) was mentioned in
https://build.opensuse.org/request/show/342401 13.1 / libsndfile
https://build.opensuse.org/request/show/342402 13.2 / libsndfile
https://build.opensuse.org/request/show/342403 Leap:42.1 / libsndfile.openSUSE_Leap_42.1_Update

Comment 3 Swamp Workflow Management 2015-11-04 23:00:34 UTC

bugbot adjusting priority

Comment 4 Takashi Iwai 2015-11-05 11:28:01 UTC

The fix was submitted to all relevant branches.  Reassigning back to security team for the rest.

Comment 5 Bernhard Wiedemann 2015-11-05 15:00:32 UTC

This is an autogenerated message for OBS integration:
This bug (953521) was mentioned in
https://build.opensuse.org/request/show/342564 13.1 / libsndfile
https://build.opensuse.org/request/show/342565 13.2 / libsndfile

Comment 6 Swamp Workflow Management 2015-11-12 16:13:05 UTC

SUSE-SU-2015:1979-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 953516,953521
CVE References: CVE-2014-9756,CVE-2015-7805
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libsndfile-1.0.20-2.10.2
SUSE Linux Enterprise Software Development Kit 11-SP3 (src):    libsndfile-1.0.20-2.10.2
SUSE Linux Enterprise Server for VMWare 11-SP3 (src):    libsndfile-1.0.20-2.10.2
SUSE Linux Enterprise Server 11-SP4 (src):    libsndfile-1.0.20-2.10.2
SUSE Linux Enterprise Server 11-SP3 (src):    libsndfile-1.0.20-2.10.2
SUSE Linux Enterprise Desktop 11-SP4 (src):    libsndfile-1.0.20-2.10.2
SUSE Linux Enterprise Desktop 11-SP3 (src):    libsndfile-1.0.20-2.10.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libsndfile-1.0.20-2.10.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    libsndfile-1.0.20-2.10.2

Comment 7 Swamp Workflow Management 2015-11-16 10:12:17 UTC

openSUSE-SU-2015:1995-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 953516,953519,953521
CVE References: CVE-2014-9756,CVE-2015-7805,CVE-2015-8075
Sources used:
openSUSE 13.2 (src):    libsndfile-1.0.25-19.7.1, libsndfile-progs-1.0.25-19.7.1
openSUSE 13.1 (src):    libsndfile-1.0.25-17.7.1, libsndfile-progs-1.0.25-17.7.1

Comment 8 Swamp Workflow Management 2015-11-16 11:11:44 UTC

SUSE-SU-2015:2000-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 953516,953519,953521
CVE References: CVE-2014-9756,CVE-2015-7805,CVE-2015-8075
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    libsndfile-1.0.25-24.1
SUSE Linux Enterprise Server 12 (src):    libsndfile-1.0.25-24.1
SUSE Linux Enterprise Desktop 12 (src):    libsndfile-1.0.25-24.1

Comment 9 Swamp Workflow Management 2015-11-27 16:11:26 UTC

openSUSE-SU-2015:2119-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 953516,953519,953521
CVE References: CVE-2014-9756,CVE-2015-7805,CVE-2015-8075
Sources used:
openSUSE Leap 42.1 (src):    libsndfile-1.0.25-24.1, libsndfile-progs-1.0.25-24.1

Comment 10 Sebastian Krahmer 2015-11-30 14:35:45 UTC

released

Comment 11 Swamp Workflow Management 2015-12-25 14:15:04 UTC

SUSE-SU-2015:2000-2: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 953516,953519,953521
CVE References: CVE-2014-9756,CVE-2015-7805,CVE-2015-8075
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libsndfile-1.0.25-25.1
SUSE Linux Enterprise Server 12-SP1 (src):    libsndfile-1.0.25-25.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libsndfile-1.0.25-25.1