Bug 13971

Summary: [CVE 21] libao 1.2.0 CVEs CVE-2017-11548 EXPLOIT https://www.exploit-db.com/download/42400 found
Product: [ROSA-based products] ROSA Fresh
Reporter: Yury <y.tumanov>
Component: System (kernel, glibc, systemd, bash, PAM...)
Assignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED
QA Contact: ROSA Linux Bugs <bugs>
Severity: blocker
Priority: Highest
CC: a.proklov, s.matveev, v.potapov, y.tumanov
Version: All
Flags: v.potapov: qa_verified+, y.tumanov: secteam_verified+, a.proklov: published+
Target Milestone: 2021.1 Fresh R12
Hardware: All
OS: Linux
URL: CVE-2017-11548
Whiteboard:
Platform: 2021.1
ROSA Vulnerability identifier:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:

Description Yury 2023-10-20 14:58:57 MSK
libao	1.2.0	CVE-2017-11548	The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file.	5,5	MEDIUM	4,3	MEDIUM	CWE-119	CAPEC-10||CAPEC-100||CAPEC-123||CAPEC-14||CAPEC-24||CAPEC-42||CAPEC-44||CAPEC-45||CAPEC-46||CAPEC-47||CAPEC-8||CAPEC-9||		Not found	https://nvd.nist.gov/vuln/detail/CVE-2017-11548	https://www.exploit-db.com/download/42400	Linux
Comment 1 Svyatoslav Matveev 2023-10-21 12:12:23 MSK
********** QA ADVISORY **********

Fixed by applying a patch.

*** libao
**  1.2.0 release +1

https://abf.io/build_lists/4759595
https://abf.io/build_lists/4759596
https://abf.io/build_lists/4759594
https://abf.io/build_lists/4759597
https://abf.io/build_lists/4759598
Comment 2 Vladimir Potapov 2023-10-23 14:47:04 MSK
********************************
The update was sent to testing
Comment 3 Vladimir Potapov 2023-10-24 13:05:43 MSK
libao-1.2.0-10
https://abf.io/build_lists/4759595
https://abf.io/build_lists/4759596
https://abf.io/build_lists/4759594
https://abf.io/build_lists/4759597
https://abf.io/build_lists/4759598
***************************** Advisory **************************
Many CVEs are fixed
*****************************************************************
QA Verified
Comment 4 Yury 2023-10-27 20:02:56 MSK
secteam_verified