rpms/speex/F-8 speex-1.2-CVE-2008-1686.diff, NONE, 1.1 speex.spec, 1.19, 1.20

Tomas Hoger (thoger) fedora-extras-commits at redhat.com
Tue Apr 15 15:43:52 UTC 2008 

Author: thoger

Update of /cvs/extras/rpms/speex/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27734/F-8

Modified Files:
	speex.spec 
Added Files:
	speex-1.2-CVE-2008-1686.diff 
Log Message:
Add mode checks to speex_packet_to_header() to protect applications
using speex library and not having proper checks
(CVE-2008-1686, #441239, https://trac.xiph.org/changeset/14701)


speex-1.2-CVE-2008-1686.diff:

--- NEW FILE speex-1.2-CVE-2008-1686.diff ---
Patch for CVE-2008-1686, see:
https://trac.xiph.org/changeset/14701
http://www.ocert.org/advisories/ocert-2008-2.html

diff -pruN speex-1.2beta2.orig/libspeex/speex_header.c speex-1.2beta2/libspeex/speex_header.c
--- speex-1.2beta2.orig/libspeex/speex_header.c	2007-03-18 13:25:09.000000000 +0100
+++ speex-1.2beta2/libspeex/speex_header.c	2008-04-15 17:15:18.000000000 +0200
@@ -161,6 +161,13 @@ SpeexHeader *speex_packet_to_header(char
    ENDIAN_SWITCH(le_header->frames_per_packet);
    ENDIAN_SWITCH(le_header->extra_headers);
 
+   if (le_header->mode >= SPEEX_NB_MODES || le_header->mode < 0)
+   {
+      speex_warning ("Invalid mode specified in Speex header");
+      speex_free (le_header);
+      return NULL;
+   }
+
    return le_header;
 
 }


Index: speex.spec
===================================================================
RCS file: /cvs/extras/rpms/speex/F-8/speex.spec,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- speex.spec	18 Sep 2007 10:54:46 -0000	1.19
+++ speex.spec	15 Apr 2008 15:43:14 -0000	1.20
@@ -1,7 +1,7 @@
 Summary: 	A voice compression format (codec)
 Name: 		speex
 Version: 	1.2
-Release:	0.3.beta2
+Release:	0.4.beta2
 License: 	BSD
 Group: 		System Environment/Libraries
 URL: 		http://www.speex.org/
@@ -12,6 +12,7 @@
 # don't build unneded test programs, since they seem to cause
 # build failures
 Patch0: speex-1.2beta1-test-progs.patch
+Patch1: speex-1.2-CVE-2008-1686.diff
 
 %description
 Speex is a patent-free compression format designed especially for
@@ -33,6 +34,7 @@
 %prep
 %setup -q -n speex-1.2beta2
 %patch0 -p1 -b .test-progs
+%patch1 -p1 -b .CVE-2008-1686
 
 %build
 %configure --enable-static --with-ogg-libraries=%{_libdir}
@@ -69,6 +71,11 @@
 %{_libdir}/libspeex.a
 
 %changelog
+* Tue Apr 15 2008 Tomas Hoger <thoger at redhat.com> - 1.2-0.4.beta2
+- Security update: Add mode checks to speex_packet_to_header() to protect
+  applications using speex library and not having proper checks
+  (CVE-2008-1686, #441239, https://trac.xiph.org/changeset/14701)
+
 * Tue Sep 18 2007 - Bastien Nocera <bnocera at redhat.com> - 1.2-0.3.beta2
 - Update to Beta 2

More information about the fedora-extras-commits mailing list