Bug 1137823 - (CVE-2018-19802) VUL-0: CVE-2018-19802: aubio: Buffer Overflow
(CVE-2018-19802)
VUL-0: CVE-2018-19802: aubio: Buffer Overflow
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Other
Leap 15.1
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/234587/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-06-11 07:34 UTC by Alexander Bergmann
Modified: 2019-08-14 22:38 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Takashi Iwai 2019-06-12 14:14:21 UTC
There is no detailed information, and git commits are no help.

My wild guess is that this is the commit e4e0861cffbc8d3a53dcd18f9ae85797690d67c7
    [onset] safer deletion method
or commit c5ee1307bdc004e43302abeca1802c2692b33a8e
    [notes] prevent null pointer dereference

Maybe the latter.
Comment 2 Takashi Iwai 2019-06-12 14:38:12 UTC
The old package in Leap 42.3 doesn't contain the corresponding code.  Only for Leap 15.0 and 15.1.
Comment 3 Takashi Iwai 2019-06-12 14:43:42 UTC
The fix is submitted to Leap 15.0 and Leap 15.1.
Reassigned back to security team.
Comment 4 Swamp Workflow Management 2019-06-12 15:20:08 UTC
This is an autogenerated message for OBS integration:
This bug (1137823) was mentioned in
https://build.opensuse.org/request/show/709475 15.0 / aubio
https://build.opensuse.org/request/show/709476 15.1 / aubio
Comment 5 Swamp Workflow Management 2019-06-24 19:11:25 UTC
openSUSE-SU-2019:1618-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1137822,1137823,1137828
CVE References: CVE-2018-19800,CVE-2018-19801,CVE-2018-19802
Sources used:
openSUSE Leap 42.3 (src):    aubio-0.4.1-9.13.1
openSUSE Leap 15.1 (src):    aubio-0.4.6-lp151.6.3.1, python-aubio-0.4.6-lp151.6.3.1
openSUSE Leap 15.0 (src):    aubio-0.4.6-lp150.3.10.1, python-aubio-0.4.6-lp150.3.10.1
Comment 6 Swamp Workflow Management 2019-06-25 13:12:12 UTC
openSUSE-SU-2019:1624-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1137822,1137823,1137828
CVE References: CVE-2018-19800,CVE-2018-19801,CVE-2018-19802
Sources used:
openSUSE Backports SLE-15 (src):    aubio-0.4.6-bp150.3.12.1, python-aubio-0.4.6-bp150.3.12.1
Comment 7 Marcus Meissner 2019-07-03 08:27:55 UTC
released
Comment 8 Swamp Workflow Management 2019-07-23 11:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (1137823) was mentioned in
https://build.opensuse.org/request/show/717834 15.0 / aubio
Comment 9 Swamp Workflow Management 2019-08-06 19:17:36 UTC
openSUSE-SU-2019:1834-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1137823,1142433,1142435,1142436
CVE References: CVE-2018-19802,CVE-2019-1010222,CVE-2019-1010223,CVE-2019-1010224
Sources used:
openSUSE Leap 15.0 (src):    aubio-0.4.6-lp150.3.13.1, python-aubio-0.4.6-lp150.3.13.1
Comment 10 Swamp Workflow Management 2019-08-13 13:10:27 UTC
openSUSE-SU-2019:1852-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1137823,1142433,1142435,1142436
CVE References: CVE-2018-19802,CVE-2019-1010222,CVE-2019-1010223,CVE-2019-1010224
Sources used:
openSUSE Backports SLE-15 (src):    aubio-0.4.6-bp150.3.15.1, python-aubio-0.4.6-bp150.3.15.1