
Security vulnerabilities in the sox software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2018-07-27 16:46:09.803041

Name : sox
Product : Fedora 28
Version :
Release : 22.fc28
Summary : A general purpose sound file conversion tool
Description :
SoX (Sound eXchange) is a sound file format converter. SoX can convert
between many different digitized sound formats and perform simple
sound manipulation functions, including sound effects.

Update Information:

Fixes **CVE-2017-11332**, **CVE-2017-11358**, and **CVE-2017-11359**.

----

**Prevents division by zero in `src/ao.c`** This bug is hard to reproduce,
depending on the HW configuration or installed OS parts. For me, it can be
reproduced only in `mock`. In this update, an error message should be displayed
instead of SIGFPE.

* Wed Jun 6 2018 Jiri Kucera <> -
- added patch that fixes:
  + "divide by zero in startread function in wav.c" (CVE-2017-11332)
  + "invalid memory read in read_samples function in hcom.c" (CVE-2017-11358)
  + "divide by zero in wavwritehdr function in wav.c" (CVE-2017-11359)
  resolves #1480674, #1480675, #1480676, and #1480678
* Sat Jun 2 2018 Jiri Kucera <> -
- fix hunks in patches
- prevents division by zero in src/ao.c
  + fixes/prevents "sox killed by SIGFPE (signal 8)" kind of bugs that appear
    randomly, depending on reporter's HW/environment/OS components
  + related bugs: #1309426, #1226675, #1540762, #1492910

[ 1 ] Bug #1480678 – CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 sox: various flaws [fedora-all]
[ 2 ] Bug #1226675 – [abrt] sox: startwrite(): sox killed by SIGFPE

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-57a9f93beb' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at

Author: Danijel Kozinovic
Cert ID: NCERT-REF-2018-07-0001-ADV