Debian has issued an advisory on January 18: https://www.debian.org/security/2021/dsa-4833 No further information given, so we'll have to check the patch(es) they added, but given the timing I'm guessing it was fixed upstream in the recent 1.18.3 release. Since it's in H264, it probably only affects tainted.
Whiteboard: (none) => MGA7TOO
the upstream patch is here: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/11353b3f6e2f047cc37483d21e6a37ae558896bc
CC: (none) => mageia
Status comment: (none) => https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/11353b3f6e2f047cc37483d21e6a37ae558896bc
To add more info, I took it from the Debian changelog:
gst-plugins-bad1.0 (1.14.4-1deb10u1) buster-security; urgency=high
  * debian/patches/02_ref_pic_markings_overflow.patch: Fix possible overflow of ref-pic-markings array with specially crafted streams. See https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/11353b3f6e2f047cc37483d21e6a37ae558896bc and https://bugzilla.redhat.com/show_bug.cgi?id=1917192 for details.
After looking, this is already fixed in Cauldron (fixed in 1.18.3 already).
Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)
Thanks for the research. No official maintainer for this pkg, so assigning globally. CC'ing Jani who has done most updates to this in recent times.
Assignee: bugsquad => pkg-bugs
CC: (none) => jani.valimaa
1.18.3 isn't in Cauldron yet (only updates_testing).
Summary: gstreamer1.0-plugins-bad new buffer overflow security issue => gstreamer1.0-plugins-bad new buffer overflow security issue (CVE-2021-3185)
Whiteboard: (none) => MGA7TOO
Version: 7 => Cauldron
According to oss-sec mail it was fixed in 1.18.1 https://seclists.org/oss-sec/2021/q1/59
I love how Debian knew about it before that was even posted.
Suggested advisory:
========================

The updated packages fix a security vulnerability:

A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where, when parsing an h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution. (CVE-2021-3185)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3185
https://www.debian.org/security/2021/dsa-4833
https://bugzilla.redhat.com/show_bug.cgi?id=1917192
https://seclists.org/oss-sec/2021/q1/59
========================

Updated packages in core/updates_testing:
========================
gstreamer1.0-plugins-bad-1.16.0-1.1.mga7
lib(64)gstphotography1.0_0-1.16.0-1.1.mga7
lib(64)gstcodecparsers1.0_0-1.16.0-1.1.mga7
lib(64)gstbasecamerabinsrc1.0_0-1.16.0-1.1.mga7
lib(64)gstbadaudio1.0_0-1.16.0-1.1.mga7
lib(64)gstplayer1.0_0-1.16.0-1.1.mga7
lib(64)gstwayland1.0_0-1.16.0-1.1.mga7
lib(64)gstinsertbin1.0_0-1.16.0-1.1.mga7
lib(64)gstmpegts1.0_0-1.16.0-1.1.mga7
lib(64)gsturidownloader1.0_0-1.16.0-1.1.mga7
lib(64)gstisoff1.0_0-1.16.0-1.1.mga7
lib(64)gstwebrtc1.0_0-1.16.0-1.1.mga7
lib(64)gstsctp1.0_0-1.16.0-1.1.mga7
lib(64)gstreamer-plugins-bad1.0-devel-1.16.0-1.1.mga7
gstreamer1.0-curl-1.16.0-1.1.mga7
gstreamer1.0-mpeg2enc-1.16.0-1.1.mga7
gstreamer1.0-gme-1.16.0-1.1.mga7
gstreamer1.0-mms-1.16.0-1.1.mga7
gstreamer1.0-rtmp-1.16.0-1.1.mga7
gstreamer1.0-soundtouch-1.16.0-1.1.mga7
gstreamer1.0-libass-1.16.0-1.1.mga7
gstreamer1.0-wildmidi-1.16.0-1.1.mga7
gstreamer1.0-plugins-bad-doc-1.16.0-1.1.mga7
lib(64)gstreamer-plugins-bad-gir1.0-1.16.0-1.1.mga7
lib(64)gstplayer-gir1.0-1.16.0-1.1.mga7
lib(64)gstwebrtc-gir1.0-1.16.0-1.1.mga7
gstreamer1.0-plugins-bad-debugsource-1.16.0-1.1.mga7
gstreamer1.0-gsm-1.16.0-1.1.mga7
gstreamer1.0-dash-1.16.0-1.1.mga7
gstreamer1.0-fluidsynth-1.16.0-1.1.mga7
gstreamer1.0-ladspa-1.16.0-1.1.mga7
gstreamer1.0-neon-1.16.0-1.1.mga7
gstreamer1.0-ofa-1.16.0-1.1.mga7
gstreamer1.0-sbc-1.16.0-1.1.mga7
gstreamer1.0-smoothstreaming-1.16.0-1.1.mga7
gstreamer1.0-spandsp-1.16.0-1.1.mga7
gstreamer1.0-srtp-1.16.0-1.1.mga7

from SRPM:
gstreamer1.0-plugins-bad-1.16.0-1.1.mga7.src.rpm

Updated packages in tainted/updates_testing:
========================
gstreamer1.0-plugins-bad-1.16.0-1.1.mga7.tainted
lib(64)gstphotography1.0_0-1.16.0-1.1.mga7.tainted
lib(64)gstcodecparsers1.0_0-1.16.0-1.1.mga7.tainted
lib(64)gstbasecamerabinsrc1.0_0-1.16.0-1.1.mga7.tainted
lib(64)gstbadaudio1.0_0-1.16.0-1.1.mga7.tainted
lib(64)gstplayer1.0_0-1.16.0-1.1.mga7.tainted
lib(64)gstwayland1.0_0-1.16.0-1.1.mga7.tainted
lib(64)gstinsertbin1.0_0-1.16.0-1.1.mga7.tainted
lib(64)gstmpegts1.0_0-1.16.0-1.1.mga7.tainted
lib(64)gsturidownloader1.0_0-1.16.0-1.1.mga7.tainted
lib(64)gstisoff1.0_0-1.16.0-1.1.mga7.tainted
lib(64)gstwebrtc1.0_0-1.16.0-1.1.mga7.tainted
lib(64)gstsctp1.0_0-1.16.0-1.1.mga7.tainted
lib(64)gstreamer-plugins-bad1.0-devel-1.16.0-1.1.mga7.tainted
gstreamer1.0-curl-1.16.0-1.1.mga7.tainted
gstreamer1.0-mpeg2enc-1.16.0-1.1.mga7.tainted
gstreamer1.0-gme-1.16.0-1.1.mga7.tainted
gstreamer1.0-mms-1.16.0-1.1.mga7.tainted
gstreamer1.0-rtmp-1.16.0-1.1.mga7.tainted
gstreamer1.0-soundtouch-1.16.0-1.1.mga7.tainted
gstreamer1.0-libass-1.16.0-1.1.mga7.tainted
gstreamer1.0-wildmidi-1.16.0-1.1.mga7.tainted
gstreamer1.0-plugins-bad-doc-1.16.0-1.1.mga7.tainted
lib(64)gstreamer-plugins-bad-gir1.0-1.16.0-1.1.mga7.tainted
lib(64)gstplayer-gir1.0-1.16.0-1.1.mga7.tainted
lib(64)gstwebrtc-gir1.0-1.16.0-1.1.mga7.tainted
gstreamer1.0-plugins-bad-debugsource-1.16.0-1.1.mga7.tainted
gstreamer1.0-faad-1.16.0-1.1.mga7.tainted
gstreamer1.0-gsm-1.16.0-1.1.mga7.tainted
gstreamer1.0-dash-1.16.0-1.1.mga7.tainted
gstreamer1.0-fluidsynth-1.16.0-1.1.mga7.tainted
gstreamer1.0-ladspa-1.16.0-1.1.mga7.tainted
gstreamer1.0-neon-1.16.0-1.1.mga7.tainted
gstreamer1.0-ofa-1.16.0-1.1.mga7.tainted
gstreamer1.0-sbc-1.16.0-1.1.mga7.tainted
gstreamer1.0-smoothstreaming-1.16.0-1.1.mga7.tainted
gstreamer1.0-spandsp-1.16.0-1.1.mga7.tainted
gstreamer1.0-srtp-1.16.0-1.1.mga7.tainted
gstreamer1.0-x265-1.16.0-1.1.mga7.tainted
gstreamer1.0-fdkaac-1.16.0-1.1.mga7.tainted

from SRPM:
gstreamer1.0-plugins-bad-1.16.0-1.1.mga7.tainted.src.rpm
Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero
CVE: (none) => CVE-2021-3185
Status comment: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/11353b3f6e2f047cc37483d21e6a37ae558896bc => (none)
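The advisory above and the Debian changelog describe the bug class without showing it: a stream-driven loop filling a fixed-size on-stack ref-pic-markings array with no check against its capacity. The following is an added illustration written for this thread, not the gst-plugins-bad source or the upstream commit. The entry format (one op byte, one argument byte, op 0 terminating the list), the capacity constant MAX_REF_PIC_MARKINGS, and all function and type names are assumptions chosen to keep the example self-contained; the real parser reads Exp-Golomb fields from a bit reader and its constant may differ. The sample streams are constructed inline.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed capacity of the fixed-size marking array (illustrative value). */
#define MAX_REF_PIC_MARKINGS 10

typedef struct {
    uint8_t op;   /* memory_management_control_operation; 0 ends the list */
    uint8_t arg;  /* single argument, simplified from the real syntax */
} RefPicMarking;

typedef struct {
    RefPicMarking marking[MAX_REF_PIC_MARKINGS]; /* lives on the caller's stack */
    size_t        n_marking;
} DecRefPicMarking;

/* Byte reader over a constructed stream (hypothetical, stands in for a bit reader). */
typedef struct { const uint8_t *data; size_t len; size_t pos; } Reader;

static bool read_u8(Reader *r, uint8_t *out)
{
    if (r->pos >= r->len) return false;
    *out = r->data[r->pos++];
    return true;
}

/* Hardened parse of the marking list. The loop runs until the stream says
   stop (op == 0), so the number of iterations is attacker-controlled; the
   capacity check is what keeps writes inside out->marking. Without it a
   stream carrying more entries than the array holds overwrites whatever
   follows the array on the stack, which is the defect class the advisory
   describes. */
static bool parse_dec_ref_pic_marking(Reader *r, DecRefPicMarking *out)
{
    size_t i = 0;
    for (;;) {
        uint8_t op, arg;
        if (!read_u8(r, &op)) return false;          /* truncated stream */
        if (op == 0) break;                           /* end of list */
        if (i >= MAX_REF_PIC_MARKINGS) return false;  /* bounds check: reject, don't overflow */
        if (!read_u8(r, &arg)) return false;          /* truncated stream */
        out->marking[i].op  = op;
        out->marking[i].arg = arg;
        i++;
    }
    out->n_marking = i;
    return true;
}

/* Returns the number of markings parsed, or -1 when the stream is rejected. */
int parse_count(const uint8_t *data, size_t len)
{
    Reader r = { data, len, 0 };
    DecRefPicMarking d;
    memset(&d, 0, sizeof d);
    if (!parse_dec_ref_pic_marking(&r, &d)) return -1;
    return (int)d.n_marking;
}

/* Constructed stream: three markings followed by the terminator. */
int good_count(void)
{
    static const uint8_t s[] = { 1, 5, 2, 7, 3, 9, 0 };
    return parse_count(s, sizeof s);
}

/* Builds a constructed stream with `entries` markings then the terminator and
   parses it; exactly the capacity is accepted, anything beyond is rejected. */
int count_with_entries(size_t entries)
{
    uint8_t s[64];                       /* room for up to 31 entries */
    size_t n = 0;
    if (entries > 31) return -2;
    for (size_t k = 0; k < entries; k++) { s[n++] = 1; s[n++] = (uint8_t)k; }
    s[n++] = 0;
    return parse_count(s, n);
}

/* Constructed stream cut off before its terminator: rejected. */
int truncated_count(void)
{
    static const uint8_t s[] = { 1, 5, 2 };
    return parse_count(s, sizeof s);
}

int main(void)
{
    printf("good=%d full=%d overlong=%d truncated=%d\n", good_count(),
           count_with_entries(MAX_REF_PIC_MARKINGS),
           count_with_entries(MAX_REF_PIC_MARKINGS + 2), truncated_count());
    return 0;
}
```

The point to carry over to the real update: the count of list elements comes from the stream, not from the array declaration, so every parser loop of this shape needs the capacity comparison before the store, and the error path must reject the stream rather than silently truncate it.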
Installed and tested without issues.

Updated packages:
- gstreamer1.0-faad-1.16.0-1.1.mga7.tainted.x86_64
- gstreamer1.0-gme-1.16.0-1.1.mga7.tainted.x86_64
- gstreamer1.0-gsm-1.16.0-1.1.mga7.tainted.x86_64
- gstreamer1.0-mms-1.16.0-1.1.mga7.tainted.x86_64
- gstreamer1.0-neon-1.16.0-1.1.mga7.tainted.x86_64
- gstreamer1.0-ofa-1.16.0-1.1.mga7.tainted.x86_64
- gstreamer1.0-plugins-bad-1.16.0-1.1.mga7.tainted.x86_64
- gstreamer1.0-rtmp-1.16.0-1.1.mga7.tainted.x86_64
- gstreamer1.0-x265-1.16.0-1.1.mga7.tainted.x86_64
- lib64gstbadaudio1.0_0-1.16.0-1.1.mga7.tainted.x86_64
- lib64gstbasecamerabinsrc1.0_0-1.16.0-1.1.mga7.tainted.x86_64
- lib64gstcodecparsers1.0_0-1.16.0-1.1.mga7.tainted.x86_64
- lib64gstmpegts1.0_0-1.16.0-1.1.mga7.tainted.x86_64
- lib64gstphotography1.0_0-1.16.0-1.1.mga7.tainted.x86_64
- lib64gstsctp1.0_0-1.16.0-1.1.mga7.tainted.x86_64
- lib64gsturidownloader1.0_0-1.16.0-1.1.mga7.tainted.x86_64
- lib64gstwayland1.0_0-1.16.0-1.1.mga7.tainted.x86_64
- lib64gstwebrtc1.0_0-1.16.0-1.1.mga7.tainted.x86_64

Tested on a large number of video and audio files. No issues.

System: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia-current proprietary driver.
$ strace --trace=openat -o ~/tmp/strace.log dragon
<SNIP>
$ egrep 'lib.*(gstreamer|libgst)' ~/tmp/strace.log | sort -u
openat(AT_FDCWD, "/lib64/libgstallocators-1.0.so.0", O_RDONLY|O_CLOEXEC) = 16
openat(AT_FDCWD, "/lib64/libgstapp-1.0.so.0", O_RDONLY|O_CLOEXEC) = 10
openat(AT_FDCWD, "/lib64/libgstaudio-1.0.so.0", O_RDONLY|O_CLOEXEC) = 10
openat(AT_FDCWD, "/lib64/libgstbase-1.0.so.0", O_RDONLY|O_CLOEXEC) = 10
openat(AT_FDCWD, "/lib64/libgstcodecparsers-1.0.so.0", O_RDONLY|O_CLOEXEC) = 33
openat(AT_FDCWD, "/lib64/libgstpbutils-1.0.so.0", O_RDONLY|O_CLOEXEC) = 10
openat(AT_FDCWD, "/lib64/libgstreamer-1.0.so.0", O_RDONLY|O_CLOEXEC) = 10
openat(AT_FDCWD, "/lib64/libgsttag-1.0.so.0", O_RDONLY|O_CLOEXEC) = 10
openat(AT_FDCWD, "/lib64/libgstvideo-1.0.so.0", O_RDONLY|O_CLOEXEC) = 10
openat(AT_FDCWD, "/usr/lib64/gstreamer-1.0/libgstaudioconvert.so", O_RDONLY|O_CLOEXEC) = 17
openat(AT_FDCWD, "/usr/lib64/gstreamer-1.0/libgstaudioresample.so", O_RDONLY|O_CLOEXEC) = 24
openat(AT_FDCWD, "/usr/lib64/gstreamer-1.0/libgstautoconvert.so", O_RDONLY|O_CLOEXEC) = 33
openat(AT_FDCWD, "/usr/lib64/gstreamer-1.0/libgstcoreelements.so", O_RDONLY|O_CLOEXEC) = 17
openat(AT_FDCWD, "/usr/lib64/gstreamer-1.0/libgstplayback.so", O_RDONLY|O_CLOEXEC) = 24
openat(AT_FDCWD, "/usr/lib64/gstreamer-1.0/libgstpulseaudio.so", O_RDONLY) = 17
openat(AT_FDCWD, "/usr/lib64/gstreamer-1.0/libgstpulseaudio.so", O_RDONLY|O_CLOEXEC) = 16
openat(AT_FDCWD, "/usr/lib64/gstreamer-1.0/libgstresindvd.so", O_RDONLY|O_CLOEXEC) = 33
openat(AT_FDCWD, "/usr/lib64/gstreamer-1.0/libgstvideo4linux2.so", O_RDONLY) = 17
openat(AT_FDCWD, "/usr/lib64/gstreamer-1.0/libgstvideo4linux2.so", O_RDONLY|O_CLOEXEC) = 16
openat(AT_FDCWD, "/usr/lib64/gstreamer-1.0/libgstvideoconvert.so", O_RDONLY|O_CLOEXEC) = 17
openat(AT_FDCWD, "/usr/lib64/gstreamer-1.0/libgstvideofilter.so", O_RDONLY|O_CLOEXEC) = 17
openat(AT_FDCWD, "/usr/lib64/gstreamer-1.0/libgstvideoparsersbad.so", O_RDONLY|O_CLOEXEC) = 33
openat(AT_FDCWD, "/usr/lib64/gstreamer-1.0/libgstvideoscale.so", O_RDONLY|O_CLOEXEC) = 17
openat(AT_FDCWD, "/usr/lib64/gstreamer-1.0/libgstvolume.so", O_RDONLY|O_CLOEXEC) = 24
openat(AT_FDCWD, "/usr/lib64/gstreamer-1.0/libgstxvimagesink.so", O_RDONLY) = 17
openat(AT_FDCWD, "/usr/lib64/gstreamer-1.0/libgstxvimagesink.so", O_RDONLY|O_CLOEXEC) = 16
openat(AT_FDCWD, "/usr/lib64/gstreamer-1.0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 16
openat(AT_FDCWD, "/usr/lib64/libgstallocators-1.0.so.0.1600.0", O_RDONLY) = 17
openat(AT_FDCWD, "/usr/lib64/libgstapp-1.0.so.0.1600.0", O_RDONLY) = 17
openat(AT_FDCWD, "/usr/lib64/libgstaudio-1.0.so.0.1600.0", O_RDONLY) = 17
openat(AT_FDCWD, "/usr/lib64/libgstbase-1.0.so.0.1600.0", O_RDONLY) = 17
openat(AT_FDCWD, "/usr/lib64/libgstpbutils-1.0.so.0.1600.0", O_RDONLY) = 17
openat(AT_FDCWD, "/usr/lib64/libgstreamer-1.0.so.0.1600.0", O_RDONLY) = 17
openat(AT_FDCWD, "/usr/lib64/libgsttag-1.0.so.0.1600.0", O_RDONLY) = 17
openat(AT_FDCWD, "/usr/lib64/libgstvideo-1.0.so.0.1600.0", O_RDONLY) = 17
openat(AT_FDCWD, "/usr/lib64/qt5/plugins/phonon4qt5_backend/phonon_gstreamer.so", O_RDONLY) = 17
openat(AT_FDCWD, "/usr/lib64/qt5/plugins/phonon4qt5_backend/phonon_gstreamer.so", O_RDONLY|O_CLOEXEC) = 10
CC: (none) => mageia
I think that's good enough. Sending it on. Validating. Advisory in Comment 8.
Keywords: (none) => validated_update
Whiteboard: (none) => MGA7-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Advisory committed to SVN.
CC: (none) => ouaurelien
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0079.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED