Bug 19802 - gstreamer0.10-plugins-bad new security issue in NES Sound File format decoding (CVE-2016-9447)
Summary: gstreamer0.10-plugins-bad new security issue in NES Sound File format decodin...
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/706586/
Whiteboard:
Keywords: feedback
Depends on:
Blocks:
 
Reported: 2016-11-16 19:29 CET by David Walser
Modified: 2017-09-06 15:08 CEST (History)
2 users (show)

See Also:
Source RPM: gstreamer0.10-plugins-bad
CVE:
Status comment:


Attachments

Description David Walser 2016-11-16 19:29:41 CET
Debian has issued an advisory on November 15:
https://www.debian.org/security/2016/dsa-3713

Mageia 5 is also affected.
David Walser 2016-11-16 19:29:47 CET

Whiteboard: (none) => MGA5TOO

Comment 1 Marja van Waes 2016-11-18 10:25:18 CET
Assigning to the registered maintainer

Assignee: bugsquad => shlomif
CC: (none) => marja11

Comment 2 David Walser 2016-11-19 20:38:24 CET
Appears to be fixed in Cauldron by Shlomi.

Make sure it gets built in core too, since I think I only saw tainted.

Whiteboard: MGA5TOO => (none)
Version: Cauldron => 5

Comment 3 David Walser 2016-11-20 17:16:07 CET
CVE-2016-9447:
http://openwall.com/lists/oss-security/2016/11/18/13

Summary: gstreamer0.10-plugins-bad new security issue in NES Sound File format decoding => gstreamer0.10-plugins-bad new security issue in NES Sound File format decoding (CVE-2016-9447)

Comment 4 Nicolas Lécureuil 2017-08-22 11:53:44 CEST
pushed in updates_testing
src.rpm:
        gstreamer0.10-plugins-bad-0.10.23-22.1.mga5

Assignee: shlomif => qa-bugs
CC: (none) => mageia

Comment 5 David Walser 2017-08-22 12:27:34 CEST
Advisory:
========================

Updated gstreamer0.10-plugins-bad packages fix security vulnerability:

Chris Evans discovered that the GStreamer 0.10 plugin to decode NES Sound
Format files allowed the execution of arbitrary code (CVE-2016-9447).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9447
https://www.debian.org/security/2016/dsa-3713
http://openwall.com/lists/oss-security/2016/11/18/13
========================

Updated packages in core/updates_testing:
========================
gstreamer0.10-plugins-bad-0.10.23-22.1.mga5
libgstphotography0.10_0-0.10.23-22.1.mga5
libgstvdp0.10_0-0.10.23-22.1.mga5
libgstphotography-devel-0.10.23-22.1.mga5
libgstbasevideo0.10_0-0.10.23-22.1.mga5
libgstbasevideo-devel-0.10.23-22.1.mga5
gstreamer0.10-curl-0.10.23-22.1.mga5
gstreamer0.10-dc1394-0.10.23-22.1.mga5
gstreamer0.10-ofa-0.10.23-22.1.mga5
gstreamer0.10-wildmidi-0.10.23-22.1.mga5
gstreamer0.10-mpeg2enc-0.10.23-22.1.mga5
gstreamer0.10-gme-0.10.23-22.1.mga5
gstreamer0.10-dirac-0.10.23-22.1.mga5
gstreamer0.10-schroedinger-0.10.23-22.1.mga5
gstreamer0.10-vp8-0.10.23-22.1.mga5
gstreamer0.10-ladspa-0.10.23-22.1.mga5
gstreamer0.10-musepack-0.10.23-22.1.mga5
gstreamer0.10-mms-0.10.23-22.1.mga5
gstreamer0.10-rtmp-0.10.23-22.1.mga5
gstreamer0.10-directfb-0.10.23-22.1.mga5
gstreamer0.10-soundtouch-0.10.23-22.1.mga5
gstreamer0.10-kate-0.10.23-22.1.mga5
gstreamer0.10-libass-0.10.23-22.1.mga5
gstreamer0.10-resindvd-0.10.23-22.1.mga5
gstreamer0.10-voip-0.10.23-22.1.mga5
gstreamer0.10-cog-0.10.23-22.1.mga5
gstreamer0.10-plugins-bad-doc-0.10.23-22.1.mga5
gstreamer0.10-plugins-bad-debuginfo-0.10.23-22.1.mga5
gstreamer0.10-vdpau-0.10.23-22.1.mga5
gstreamer0.10-gsm-0.10.23-22.1.mga5
gstreamer0.10-neon-0.10.23-22.1.mga5
gstreamer0.10-nas-0.10.23-22.1.mga5
gstreamer0.10-jp2k-0.10.23-22.1.mga5
gstreamer0.10-celt-0.10.23-22.1.mga5
gstreamer0.10-rsvg-0.10.23-22.1.mga5

from gstreamer0.10-plugins-bad-0.10.23-22.1.mga5.src.rpm
Comment 6 David Walser 2017-08-26 23:10:36 CEST
This package also needs a tainted build.  Additionally, we still have Bug 19814 and Bug 20238 that we also need to fix for this package.

Whiteboard: (none) => feedback

Comment 7 Samuel Verschelde 2017-09-06 15:08:41 CEST
Moving 'feedback' from whiteboard to keywords now that madb has been updated to handle that keyword.

Keywords: (none) => feedback
Whiteboard: feedback => (none)


Note You need to log in before you can comment on or make changes to this bug.