Bug 1142435 - (CVE-2019-1010224) VUL-1: CVE-2019-1010224: aubio: null pointer in onset leading to DOS
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.1
Priority: P4 - Low
Severity: Normal
Assigned To: Security Team bot
URL: https://smash.suse.de/issue/237821/
Reported: 2019-07-23 06:27 UTC by Alexandros Toptsoglou
Modified: 2020-02-05 07:46 UTC
Found By: Security Response Team


Description Alexandros Toptsoglou 2019-07-23 06:27:27 UTC
CVE-2019-1010224

aubio 0.4.8 and earlier is affected by: null pointer. The impact is: crash
(DoS). The component is: onset. The fixed version is: after commit
e4e0861cffbc8d3a53dcd18f9ae85797690d67c7.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010224
https://github.com/aubio/aubio/commit/e4e0861cffbc8d3a53dcd18f9ae85797690d67c7
https://github.com/aubio/aubio/blob/0.4.8/src/onset/onset.c#L59
Comment 1 Alexandros Toptsoglou 2019-07-23 06:28:03 UTC
TW ships already version 0.4.9
Comment 2 Takashi Iwai 2019-07-23 10:33:15 UTC
The fix is submitted.
Reassigned back.
Comment 3 Swamp Workflow Management 2019-07-23 11:00:15 UTC
This is an autogenerated message for OBS integration:
This bug (1142435) was mentioned in
https://build.opensuse.org/request/show/717834 15.0 / aubio
Comment 4 Swamp Workflow Management 2019-08-06 19:17:49 UTC
openSUSE-SU-2019:1834-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1137823,1142433,1142435,1142436
CVE References: CVE-2018-19802,CVE-2019-1010222,CVE-2019-1010223,CVE-2019-1010224
Sources used:
openSUSE Leap 15.0 (src):    aubio-0.4.6-lp150.3.13.1, python-aubio-0.4.6-lp150.3.13.1
Comment 5 Swamp Workflow Management 2019-08-13 13:10:43 UTC
openSUSE-SU-2019:1852-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1137823,1142433,1142435,1142436
CVE References: CVE-2018-19802,CVE-2019-1010222,CVE-2019-1010223,CVE-2019-1010224
Sources used:
openSUSE Backports SLE-15 (src):    aubio-0.4.6-bp150.3.15.1, python-aubio-0.4.6-bp150.3.15.1
Comment 6 Alexandros Toptsoglou 2020-01-16 14:36:44 UTC
Leap 15.1 seems to miss the fix. Reassigning back.
Comment 7 Takashi Iwai 2020-01-16 15:34:21 UTC
(In reply to Alexandros Toptsoglou from comment #6)
> Leap 15.1 seems to miss the fix. Reassigning back.

Hm, OK, now submitted to 15.1:Update.

For Leap, did we need to submit the same thing to both Leap 15.0 and 15.1?
Now it doesn't matter, but I'd like to confirm that for future.
Comment 8 Alexandros Toptsoglou 2020-01-16 15:37:09 UTC
(In reply to Takashi Iwai from comment #7)
> (In reply to Alexandros Toptsoglou from comment #6)
> > Leap 15.1 seems to miss the fix. Reassigning back.
> 
> Hm, OK, now submitted to 15.1:Update.
> 
> For Leap, did we need to submit the same thing to both Leap 15.0 and 15.1?
> Now it doesn't matter, but I'd like to confirm that for future.

Unless a package is inherited from SLE, we need a submission for each supported version. The difference in openSUSE is that we also accept one submission which contains fixes for more than one codestream.
Comment 9 Takashi Iwai 2020-01-16 16:00:47 UTC
Thanks for clarification.

Now reassigned back to security team.
Comment 10 Swamp Workflow Management 2020-01-16 16:10:10 UTC
This is an autogenerated message for OBS integration:
This bug (1142435) was mentioned in
https://build.opensuse.org/request/show/765018 15.1 / aubio
Comment 11 Swamp Workflow Management 2020-01-28 17:14:18 UTC
openSUSE-SU-2020:0121-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1142433,1142435,1142436
CVE References: CVE-2019-1010222,CVE-2019-1010223,CVE-2019-1010224
Sources used:
openSUSE Leap 15.1 (src):    aubio-0.4.6-lp151.6.7.1, python-aubio-0.4.6-lp151.6.7.1
Comment 12 Marcus Meissner 2020-02-05 07:46:48 UTC
done