Security Advisory Details

NS-SA-2019-0251

2019-12-27 14:15:32

Summary

important: sox/linux-firmware security update

Severity

important

Topic

An update for sox/linux-firmware is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

sox: SoX (Sound eXchange) is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects.
linux-firmware: Kernel-firmware includes firmware files required for some devices to operate.


Security Fix(es):
sox: A NULL pointer dereference flaw was found in the way SoX handled processing of AIFF files. An attacker could potentially use this flaw to crash the SoX application by tricking it into processing crafted AIFF files. (CVE-2017-18189)
sox: bugfix
linux-firmware: A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service. (CVE-2018-5383)
linux-firmware: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F7.

Affected Components

  • sox
  • linux-firmware

Affected Products

  • CGSL MAIN 5.05
  • CGSL CORE 5.05

Updated Packages

CGSL MAIN 5.05

sox (source: sox-14.4.1-7.el7.src.rpm)

  • sox-14.4.1-7.el7.x86_64.rpm
  • sox-debuginfo-14.4.1-7.el7.x86_64.rpm
  • sox-devel-14.4.1-7.el7.x86_64.rpm

linux-firmware (source: linux-firmware-20190429-72.gitddde598.el7.cgslv5_5.src.rpm)

  • linux-firmware-20190429-72.gitddde598.el7.cgslv5_5.noarch.rpm
  • iwl100-firmware-39.31.5.1-72.el7.cgslv5_5.noarch.rpm
  • iwl1000-firmware-39.31.5.1-72.el7.cgslv5_5.noarch.rpm
  • iwl105-firmware-18.168.6.1-72.el7.cgslv5_5.noarch.rpm
  • iwl135-firmware-18.168.6.1-72.el7.cgslv5_5.noarch.rpm
  • iwl2000-firmware-18.168.6.1-72.el7.cgslv5_5.noarch.rpm
  • iwl2030-firmware-18.168.6.1-72.el7.cgslv5_5.noarch.rpm
  • iwl3160-firmware-22.0.7.0-72.el7.cgslv5_5.noarch.rpm
  • iwl3945-firmware-15.32.2.9-72.el7.cgslv5_5.noarch.rpm
  • iwl4965-firmware-228.61.2.24-72.el7.cgslv5_5.noarch.rpm
  • iwl5000-firmware-8.83.5.1_1-72.el7.cgslv5_5.noarch.rpm
  • iwl5150-firmware-8.24.2.2-72.el7.cgslv5_5.noarch.rpm
  • iwl6000-firmware-9.221.4.1-72.el7.cgslv5_5.noarch.rpm
  • iwl6000g2a-firmware-17.168.5.3-72.el7.cgslv5_5.noarch.rpm
  • iwl6000g2b-firmware-17.168.5.2-72.el7.cgslv5_5.noarch.rpm
  • iwl6050-firmware-41.28.5.1-72.el7.cgslv5_5.noarch.rpm
  • iwl7260-firmware-22.0.7.0-72.el7.cgslv5_5.noarch.rpm
  • iwl7265-firmware-22.0.7.0-72.el7.cgslv5_5.noarch.rpm

CGSL CORE 5.05

sox (source: sox-14.4.1-7.el7.src.rpm)

  • sox-14.4.1-7.el7.x86_64.rpm
  • sox-debuginfo-14.4.1-7.el7.x86_64.rpm
  • sox-devel-14.4.1-7.el7.x86_64.rpm

linux-firmware (source: linux-firmware-20190429-72.gitddde598.el7.cgslv5_5.0.3.g98ef50d.lite.src.rpm)

  • iwl100-firmware-39.31.5.1-72.el7.cgslv5_5.0.3.g98ef50d.lite.noarch.rpm
  • iwl1000-firmware-39.31.5.1-72.el7.cgslv5_5.0.3.g98ef50d.lite.noarch.rpm
  • iwl105-firmware-18.168.6.1-72.el7.cgslv5_5.0.3.g98ef50d.lite.noarch.rpm
  • iwl135-firmware-18.168.6.1-72.el7.cgslv5_5.0.3.g98ef50d.lite.noarch.rpm
  • iwl2000-firmware-18.168.6.1-72.el7.cgslv5_5.0.3.g98ef50d.lite.noarch.rpm
  • iwl2030-firmware-18.168.6.1-72.el7.cgslv5_5.0.3.g98ef50d.lite.noarch.rpm
  • iwl3160-firmware-22.0.7.0-72.el7.cgslv5_5.0.3.g98ef50d.lite.noarch.rpm
  • iwl3945-firmware-15.32.2.9-72.el7.cgslv5_5.0.3.g98ef50d.lite.noarch.rpm
  • iwl4965-firmware-228.61.2.24-72.el7.cgslv5_5.0.3.g98ef50d.lite.noarch.rpm
  • iwl5000-firmware-8.83.5.1_1-72.el7.cgslv5_5.0.3.g98ef50d.lite.noarch.rpm
  • iwl5150-firmware-8.24.2.2-72.el7.cgslv5_5.0.3.g98ef50d.lite.noarch.rpm
  • iwl6000-firmware-9.221.4.1-72.el7.cgslv5_5.0.3.g98ef50d.lite.noarch.rpm
  • iwl6000g2a-firmware-17.168.5.3-72.el7.cgslv5_5.0.3.g98ef50d.lite.noarch.rpm
  • iwl6000g2b-firmware-17.168.5.2-72.el7.cgslv5_5.0.3.g98ef50d.lite.noarch.rpm
  • iwl6050-firmware-41.28.5.1-72.el7.cgslv5_5.0.3.g98ef50d.lite.noarch.rpm
  • iwl7260-firmware-22.0.7.0-72.el7.cgslv5_5.0.3.g98ef50d.lite.noarch.rpm
  • iwl7265-firmware-22.0.7.0-72.el7.cgslv5_5.0.3.g98ef50d.lite.noarch.rpm
  • linux-firmware-20190429-72.gitddde598.el7.cgslv5_5.0.3.g98ef50d.lite.noarch.rpm
  • linux-firmware-core-20190429-72.gitddde598.el7.cgslv5_5.0.3.g98ef50d.lite.noarch.rpm
  • linux-firmware-other-20190429-72.gitddde598.el7.cgslv5_5.0.3.g98ef50d.lite.noarch.rpm

CVE

References