Bug 28977 - gstreamer1.0-plugins-base, gstreamer1.0-plugins-bad new security issues fixed upstream in 1.18.4 (including CVE-2021-3522)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal
Severity: major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7TOO MGA7-64-OK MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2021-05-28 00:09 CEST by David Walser
Modified: 2021-07-10 22:01 CEST

See Also:
Source RPM: gstreamer1.0-plugins-base-1.18.3-1.mga8.src.rpm, gstreamer1.0-plugins-bad-1.18.3-1.mga8.src.rpm
CVE: CVE-2021-3522
Status comment:



Description David Walser 2021-05-28 00:09:08 CEST
+++ This bug was initially created as a clone of Bug #28685 +++

Several issues are fixed upstream in 1.18.4:
https://gstreamer.freedesktop.org/releases/1.18/#1.18.4

Debian has issued advisories on April 24:
https://www.debian.org/security/2021/dsa-4903
https://www.debian.org/security/2021/dsa-4902

Including fixes for base and bad, which we didn't update in Bug 28685, as they weren't listed in upstream's advisory.  Perhaps there were fixes that we missed.

David Walser 2021-05-28 00:09:34 CEST

Whiteboard: (none) => MGA7TOO
Source RPM: gstreamer1.0-plugins-good-1.18.3-1.mga8.src.rpm, gstreamer1.0-plugins-ugly-1.18.3-1.mga8.src.rpm, gstreamer1.0-libav-1.18.3-1.mga8.src.rpm => gstreamer1.0-plugins-base-1.18.3-1.mga8.src.rpm, gstreamer1.0-plugins-bad-1.18.3-1.mga8.src.rpm

Comment 1 David Walser 2021-05-28 21:34:01 CEST
Yes, CVE-2021-3522 was fixed in gstreamer1.0-plugins-base 1.18.4:
https://ubuntu.com/security/notices/USN-4959-1

Summary: gstreamer1.0-plugins-base, gstreamer1.0-plugins-bad possible new security issues fixed upstream in 1.18.4 => gstreamer1.0-plugins-base, gstreamer1.0-plugins-bad new security issues fixed upstream in 1.18.4 (including CVE-2021-3522)
Severity: normal => major

Comment 2 Lewis Smith 2021-06-02 21:07:25 CEST
We have version 1.18.4 in Cauldron.

In the light of no registered maintainer, and given the many CVE updates in progress, Jani will excuse me for assigning this bug to him - who has committed all newest versions, and is already CC'd.

CC: jani.valimaa => (none)
Assignee: bugsquad => jani.valimaa

Comment 3 David Walser 2021-06-16 19:40:05 CEST
Fedora has issued an advisory today (June 16):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FIELJQTRGQZGHBEJDQ7CJYI4DFNWMP74/

It backports a couple more security fixes for plugins-bad.

Summary: gstreamer1.0-plugins-base, gstreamer1.0-plugins-bad new security issues fixed upstream in 1.18.4 (including CVE-2021-3522) => gstreamer1.0-plugins-base, gstreamer1.0-plugins-bad new security issues fixed upstream in 1.18.4 (including CVE-2021-3522 and CVE-2021-3047[35])

David Walser 2021-06-16 19:42:44 CEST

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=29144

Comment 4 David Walser 2021-06-16 19:43:13 CEST
(In reply to David Walser from comment #3)
> Fedora has issued an advisory today (June 16):
> https://lists.fedoraproject.org/archives/list/package-announce@lists.
> fedoraproject.org/thread/FIELJQTRGQZGHBEJDQ7CJYI4DFNWMP74/
> 
> It backports a couple more security fixes for plugins-bad.

Those CVEs are in dynamically linked libaom (see Bug 29144).

Summary: gstreamer1.0-plugins-base, gstreamer1.0-plugins-bad new security issues fixed upstream in 1.18.4 (including CVE-2021-3522 and CVE-2021-3047[35]) => gstreamer1.0-plugins-base, gstreamer1.0-plugins-bad new security issues fixed upstream in 1.18.4 (including CVE-2021-3522)

Comment 5 David Walser 2021-06-27 22:25:40 CEST
Note that gstreamer1.0-plugins-bad is in core and tainted.

Updated packages in core/updates_testing:
========================
gstreamer1.0-plugins-base-1.16.0-2.1.mga7
libgstreamer-plugins-base1.0_0-1.16.0-2.1.mga7
libgstreamer-plugins-base-gir1.0-1.16.0-2.1.mga7
libgstgl-gir1.0-1.16.0-2.1.mga7
libgstreamer-plugins-base1.0-devel-1.16.0-2.1.mga7
gstreamer1.0-cdparanoia-1.16.0-2.1.mga7
gstreamer1.0-libvisual-1.16.0-2.1.mga7
libgstgl1.0_0-1.16.0-2.1.mga7
gstreamer1.0-plugins-base-1.18.3-1.1.mga8
libgstreamer-plugins-base1.0_0-1.18.3-1.1.mga8
libgstreamer-plugins-base1.0-devel-1.18.3-1.1.mga8
libgstgl1.0_0-1.18.3-1.1.mga8
libgstreamer-plugins-base-gir1.0-1.18.3-1.1.mga8
gstreamer1.0-cdparanoia-1.18.3-1.1.mga8
libgstgl-gir1.0-1.18.3-1.1.mga8
gstreamer1.0-libvisual-1.18.3-1.1.mga8

Updated packages in {core,tainted}/updates_testing:
========================
gstreamer1.0-plugins-bad-1.16.0-1.2.mga7
libgstphotography1.0_0-1.16.0-1.2.mga7
libgstcodecparsers1.0_0-1.16.0-1.2.mga7
libgstbasecamerabinsrc1.0_0-1.16.0-1.2.mga7
libgstbadaudio1.0_0-1.16.0-1.2.mga7
libgstplayer1.0_0-1.16.0-1.2.mga7
libgstwayland1.0_0-1.16.0-1.2.mga7
libgstinsertbin1.0_0-1.16.0-1.2.mga7
libgstmpegts1.0_0-1.16.0-1.2.mga7
libgsturidownloader1.0_0-1.16.0-1.2.mga7
libgstisoff1.0_0-1.16.0-1.2.mga7
libgstwebrtc1.0_0-1.16.0-1.2.mga7
libgstsctp1.0_0-1.16.0-1.2.mga7
libgstreamer-plugins-bad1.0-devel-1.16.0-1.2.mga7
gstreamer1.0-curl-1.16.0-1.2.mga7
gstreamer1.0-mpeg2enc-1.16.0-1.2.mga7
gstreamer1.0-gme-1.16.0-1.2.mga7
gstreamer1.0-mms-1.16.0-1.2.mga7
gstreamer1.0-rtmp-1.16.0-1.2.mga7
gstreamer1.0-soundtouch-1.16.0-1.2.mga7
gstreamer1.0-libass-1.16.0-1.2.mga7
gstreamer1.0-wildmidi-1.16.0-1.2.mga7
gstreamer1.0-plugins-bad-doc-1.16.0-1.2.mga7
libgstreamer-plugins-bad-gir1.0-1.16.0-1.2.mga7
libgstplayer-gir1.0-1.16.0-1.2.mga7
libgstwebrtc-gir1.0-1.16.0-1.2.mga7
gstreamer1.0-gsm-1.16.0-1.2.mga7
gstreamer1.0-dash-1.16.0-1.2.mga7
gstreamer1.0-fluidsynth-1.16.0-1.2.mga7
gstreamer1.0-ladspa-1.16.0-1.2.mga7
gstreamer1.0-neon-1.16.0-1.2.mga7
gstreamer1.0-ofa-1.16.0-1.2.mga7
gstreamer1.0-sbc-1.16.0-1.2.mga7
gstreamer1.0-smoothstreaming-1.16.0-1.2.mga7
gstreamer1.0-spandsp-1.16.0-1.2.mga7
gstreamer1.0-srtp-1.16.0-1.2.mga7
libgstreamer-plugins-bad1.0-devel-1.18.3-1.1.mga8
libgstcodecparsers1.0_0-1.18.3-1.1.mga8
gstreamer1.0-dash-1.18.3-1.1.mga8
gstreamer1.0-plugins-bad-1.18.3-1.1.mga8
libgstplayer1.0_0-1.18.3-1.1.mga8
libgstmpegts1.0_0-1.18.3-1.1.mga8
gstreamer1.0-curl-1.18.3-1.1.mga8
libgstcodecs1.0_0-1.18.3-1.1.mga8
gstreamer1.0-mpeg2enc-1.18.3-1.1.mga8
gstreamer1.0-transcoder-1.18.3-1.1.mga8
libgstbadaudio1.0_0-1.18.3-1.1.mga8
gstreamer1.0-srtp-1.18.3-1.1.mga8
libgirgstmpegts-gir1.0-1.18.3-1.1.mga8
gstreamer1.0-ladspa-1.18.3-1.1.mga8
gstreamer1.0-smoothstreaming-1.18.3-1.1.mga8
gstreamer1.0-libass-1.18.3-1.1.mga8
libgstwebrtc1.0_0-1.18.3-1.1.mga8
libgsttranscoder1.0_0-1.18.3-1.1.mga8
libgsttranscoder-devel-1.18.3-1.1.mga8
gstreamer1.0-soundtouch-1.18.3-1.1.mga8
gstreamer1.0-rtmp-1.18.3-1.1.mga8
gstreamer1.0-neon-1.18.3-1.1.mga8
libgstbasecamerabinsrc1.0_0-1.18.3-1.1.mga8
libgstphotography1.0_0-1.18.3-1.1.mga8
gstreamer1.0-mms-1.18.3-1.1.mga8
gstreamer1.0-fluidsynth-1.18.3-1.1.mga8
libgsturidownloader1.0_0-1.18.3-1.1.mga8
libgstinsertbin1.0_0-1.18.3-1.1.mga8
gstreamer1.0-sbc-1.18.3-1.1.mga8
gstreamer1.0-gme-1.18.3-1.1.mga8
gstreamer1.0-gsm-1.18.3-1.1.mga8
libgstisoff1.0_0-1.18.3-1.1.mga8
gstreamer1.0-wildmidi-1.18.3-1.1.mga8
libgstplayer-gir1.0-1.18.3-1.1.mga8
libgstwebrtc-gir1.0-1.18.3-1.1.mga8
gstreamer1.0-ofa-1.18.3-1.1.mga8
libgstsctp1.0_0-1.18.3-1.1.mga8
libgstwayland1.0_0-1.18.3-1.1.mga8
libgstbadaudio-gir1.0-1.18.3-1.1.mga8
libgstcodecs-gir1.0-1.18.3-1.1.mga8
libgsttranscoder-gir1.0-1.18.3-1.1.mga8
libgirinsertbin-git1.0-1.18.3-1.1.mga8

from SRPMS:
gstreamer1.0-plugins-base-1.16.0-2.1.mga7.src.rpm
gstreamer1.0-plugins-bad-1.16.0-1.2.mga7.src.rpm
gstreamer1.0-plugins-base-1.18.3-1.1.mga8.src.rpm
gstreamer1.0-plugins-bad-1.18.3-1.1.mga8.src.rpm

Assignee: jani.valimaa => qa-bugs
CC: (none) => jani.valimaa

Comment 6 David Walser 2021-06-27 22:28:38 CEST
Advisory:
========================

Updated gstreamer1.0-plugins-base and gstreamer1.0-plugins-bad packages fix security vulnerabilities:

GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain
ID3v2 tags (CVE-2021-3522).

Overflows in AVC/HEVC NAL unit length calculations, which would lead to
allocating infinite amounts of small memory blocks until OOM and could
potentially also lead to memory corruptions.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3522
https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/2103
https://www.debian.org/security/2021/dsa-4903
https://www.debian.org/security/2021/dsa-4902
https://ubuntu.com/security/notices/USN-4959-1
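
The advisory in Comment 6 describes overflows in AVC/HEVC NAL unit length calculations. The following C code is an added illustration of that bug class and of a bounds check that avoids it; it is not part of this bug report and not GStreamer's code. It assumes a length-prefixed layout with a big-endian prefix of `nal_length_size` bytes; all function names are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Added illustration; names are hypothetical, this is not GStreamer code. */
enum nal_status { NAL_OK, NAL_NEED_MORE, NAL_BROKEN };

/* Constructed sample inputs (not real media), 4-byte length prefixes. */
const uint8_t SAMPLE_OK[] = { 0, 0, 0, 2, 0x67, 0x42, 0, 0, 0, 1, 0x68 };
const uint8_t SAMPLE_WRAP[] = { 0xFF, 0xFF, 0xFF, 0xFC, 0x67, 0x42 };

/* Read an n-byte big-endian length prefix, n in 1..4. */
static uint32_t read_be(const uint8_t *p, unsigned n)
{
    uint32_t v = 0;
    for (unsigned i = 0; i < n; i++)
        v = (v << 8) | p[i];
    return v;
}

/* What an unchecked parser computes as "prefix + payload": the sum is
 * taken modulo 2^32, so a declared length near UINT32_MAX wraps to a
 * tiny value (or zero, which means no forward progress). */
uint32_t naive_total(uint32_t declared_len, unsigned nal_length_size)
{
    return (uint32_t)(declared_len + (uint32_t)nal_length_size);
}

/* Checked split of the length-prefixed NAL unit starting at offset. */
enum nal_status next_nal(const uint8_t *buf, size_t size, size_t offset,
                         unsigned nal_length_size,
                         size_t *payload_off, uint32_t *payload_len)
{
    if (nal_length_size < 1 || nal_length_size > 4)
        return NAL_BROKEN;
    if (offset > size || size - offset < nal_length_size)
        return NAL_NEED_MORE;

    uint32_t len = read_be(buf + offset, nal_length_size);
    /* Reject a length that cannot be added to the prefix size in 32 bits. */
    if (len > UINT32_MAX - nal_length_size)
        return NAL_BROKEN;
    /* Compare against the bytes that remain, by subtraction, not by sum. */
    if (len > size - offset - nal_length_size)
        return NAL_NEED_MORE;

    *payload_off = offset + nal_length_size;
    *payload_len = len;
    return NAL_OK;
}

/* Walk a buffer; returns the NAL unit count, or -1 on bad/truncated input. */
int count_nals(const uint8_t *buf, size_t size, unsigned nal_length_size)
{
    size_t off = 0, poff = 0;
    uint32_t plen = 0;
    int n = 0;
    while (off < size) {
        if (next_nal(buf, size, off, nal_length_size, &poff, &plen) != NAL_OK)
            return -1;
        off = poff + plen; /* advances by at least nal_length_size */
        n++;
    }
    return n;
}
```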

Comment 7 PC LX 2021-06-28 18:45:49 CEST
Installed and tested without issues.

Tested using the totem player on a large variety of files. No regressions.

System: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia-current proprietary driver.

$ uname -a
Linux marte 5.10.45-desktop-2.mga7 #1 SMP Sat Jun 19 15:58:30 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep gst | sort
gstreamer1.0-a52dec-1.16.0-1.1.mga7.tainted
gstreamer1.0-amrnb-1.16.0-1.1.mga7.tainted
gstreamer1.0-cdio-1.16.0-1.1.mga7.tainted
gstreamer1.0-cdparanoia-1.16.0-2.1.mga7
gstreamer1.0-dv-1.16.0-1.1.mga7
gstreamer1.0-faad-1.16.0-1.2.mga7.tainted
gstreamer1.0-farstream-0.2.8-2.mga7
gstreamer1.0-flac-1.16.0-1.1.mga7
gstreamer1.0-gme-1.16.0-1.2.mga7.tainted
gstreamer1.0-gsm-1.16.0-1.2.mga7.tainted
gstreamer1.0-gstclutter3-3.0.27-1.mga7
gstreamer1.0-lame-1.16.0-1.1.mga7
gstreamer1.0-libav-1.16.0-1.1.mga7
gstreamer1.0-mms-1.16.0-1.2.mga7.tainted
gstreamer1.0-mpeg-1.16.0-1.1.mga7.tainted
gstreamer1.0-neon-1.16.0-1.2.mga7.tainted
gstreamer1.0-ofa-1.16.0-1.2.mga7.tainted
gstreamer1.0-plugins-bad-1.16.0-1.2.mga7.tainted
gstreamer1.0-plugins-base-1.16.0-2.1.mga7
gstreamer1.0-plugins-good-1.16.0-1.1.mga7
gstreamer1.0-plugins-ugly-1.16.0-1.1.mga7.tainted
gstreamer1.0-pulse-1.16.0-1.1.mga7
gstreamer1.0-rtmp-1.16.0-1.2.mga7.tainted
gstreamer1.0-soundtouch-1.16.0-1.2.mga7.tainted
gstreamer1.0-soup-1.16.0-1.1.mga7
gstreamer1.0-speex-1.16.0-1.1.mga7
gstreamer1.0-tools-1.16.0-2.mga7
gstreamer1.0-twolame-1.16.0-1.1.mga7
gstreamer1.0-wavpack-1.16.0-1.1.mga7
gstreamer1.0-x264-1.16.0-1.1.mga7.tainted
gstreamer1.0-x265-1.16.0-1.2.mga7.tainted
lib64clutter-gst3.0_0-3.0.27-1.mga7
lib64gstbadaudio1.0_0-1.16.0-1.2.mga7.tainted
lib64gstbasecamerabinsrc1.0_0-1.16.0-1.2.mga7.tainted
lib64gstcodecparsers1.0_0-1.16.0-1.2.mga7.tainted
lib64gst-gir1.0-1.16.0-2.mga7
lib64gstgl1.0_0-1.16.0-2.1.mga7
lib64gstmpegts1.0_0-1.16.0-1.2.mga7.tainted
lib64gstphotography1.0_0-1.16.0-1.2.mga7.tainted
lib64gstreamer1.0_0-1.16.0-2.mga7
lib64gstreamer-plugins-base1.0_0-1.16.0-2.1.mga7
lib64gstsctp1.0_0-1.16.0-1.2.mga7.tainted
lib64gsturidownloader1.0_0-1.16.0-1.2.mga7.tainted
lib64gstwayland1.0_0-1.16.0-1.2.mga7.tainted
lib64gstwebrtc1.0_0-1.16.0-1.2.mga7.tainted
lib64qt5gstreamer1.0_0-1.2.0-8.mga7
lib64qt5gstreamerquick1.0_0-1.2.0-8.mga7
lib64qt5multimediagsttools5-5.12.6-1.mga7
libgstreamer1.0_0-1.16.0-2.mga7
libgstreamer-plugins-base1.0_0-1.16.0-2.1.mga7
phonon4qt5-gstreamer-4.9.0-6.mga7
phonon-gstreamer-common-4.9.0-6.mga7
qt5-gstreamer-1.2.0-8.mga7

CC: (none) => mageia

Comment 8 PC LX 2021-06-29 12:39:12 CEST
Since the end-of-support for Mageia 7 is approaching, I'm giving this update an OK for x86_64 based on comment 7.

Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK

Comment 9 David Walser 2021-07-08 23:37:24 CEST
Tested the PoC for CVE-2021-3522 from here:
https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876

Before:
$ gst-play-1.0 --verbose --volume=0.0 https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/uploads/086d01c9b66ffe1b9f1cd542708d184a/seg.mp3
Volume: 0%                  
Press 'k' to see a list of keyboard shortcuts.
Now playing https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/uploads/086d01c9b66ffe1b9f1cd542708d184a/seg.mp3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: ring-buffer-max-size = 0
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: buffer-size = -1
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: buffer-duration = -1
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: force-sw-decoders = false
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: use-buffering = false
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: download = false
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: uri = https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/uploads/086d01c9b66ffe1b9f1cd542708d184a/seg.mp3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: connection-speed = 0
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: source = "\(GstSoupHTTPSrc\)\ source"
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstTypeFindElement:typefindelement0.GstPad:src: caps = application/x-id3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstTypeFindElement:typefind: force-caps = application/x-id3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0: sink-caps = application/x-id3

/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0: bitrate = 0
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0: bitrate = 0
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0.GstPad:sink: caps = application/x-id3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0: bitrate = 0
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0: bitrate = 0
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0: bitrate = 0
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0.GstPad:src: caps = application/x-id3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0.GstGhostPad:sink.GstProxyPad:proxypad0: caps = application/x-id3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstTypeFindElement:typefind.GstPad:src: caps = application/x-id3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstID3Demux:id3demux0.GstPad:sink: caps = application/x-id3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstTypeFindElement:typefind.GstPad:sink: caps = application/x-id3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0.GstGhostPad:sink: caps = application/x-id3
Segmentation fault (core dumped)

After:
$ gst-play-1.0 --verbose --volume=0.0 https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/uploads/086d01c9b66ffe1b9f1cd542708d184a/seg.mp3
Volume: 0%                  
Press 'k' to see a list of keyboard shortcuts.
Now playing https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/uploads/086d01c9b66ffe1b9f1cd542708d184a/seg.mp3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: ring-buffer-max-size = 0
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: buffer-size = -1
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: buffer-duration = -1
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: force-sw-decoders = false
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: use-buffering = false
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: download = false
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: uri = https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/uploads/086d01c9b66ffe1b9f1cd542708d184a/seg.mp3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: connection-speed = 0
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: source = "\(GstSoupHTTPSrc\)\ source"
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstTypeFindElement:typefindelement0.GstPad:src: caps = application/x-id3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstTypeFindElement:typefind: force-caps = application/x-id3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0: sink-caps = application/x-id3

/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0: bitrate = 0
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0: bitrate = 0
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0.GstPad:sink: caps = application/x-id3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0: bitrate = 0
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0: bitrate = 0
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0: bitrate = 0
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0.GstPad:src: caps = application/x-id3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0.GstGhostPad:sink.GstProxyPad:proxypad0: caps = application/x-id3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstTypeFindElement:typefind.GstPad:src: caps = application/x-id3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstID3Demux:id3demux0.GstPad:sink: caps = application/x-id3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstTypeFindElement:typefind.GstPad:sink: caps = application/x-id3
/GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0.GstGhostPad:sink: caps = application/x-id3
ERROR Could not determine type of stream. for https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/uploads/086d01c9b66ffe1b9f1cd542708d184a/seg.mp3
ERROR debug information: ../gst-libs/gst/tag/gsttagdemux.c(762): gst_tag_demux_sink_event (): /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstID3Demux:id3demux0
Reached end of play list.

So that successfully demonstrates the issue and the fix!  That takes care of gstreamer1.0-plugins-base (Mageia 8 x86_64).

For gstreamer1.0-plugins-bad, you'd need to test a player using gstreamer1.0-x264 or gstreamer1.0-x265 with an appropriate file.

Comment 10 Thomas Andrews 2021-07-10 15:44:42 CEST
Test system: i5-2500, Intel graphics, 64-bit Plasma system. Went to install totem, but that wanted to add a bunch of gnome stuff I didn't want on this system, so I installed parole instead.

No installation issues with either core or tainted versions. Tested core first, then updated to tainted.

"For gstreamer1.0-plugins-bad, you'd need to test a player using gstreamer1.0-x264 or gstreamer1.0-x265 with an appropriate file."

Tested more than one of those that had been produced by Handbrake, as well as some videos that used other codecs, with both core and tainted versions, and all played just fine. Also played a couple of audio files with Clementine.

Looks good to go. Validating. Advisory in Comment 6.

Whiteboard: MGA7TOO MGA7-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OK
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 11 Aurelien Oudelet 2021-07-10 17:01:29 CEST
type: security
subject: Updated gstreamer1.0-plugins-base and gstreamer1.0-plugins-bad packages
fix security vulnerabilities
CVE:
 - CVE-2021-3522
src:
  7:
   core:
     - gstreamer1.0-plugins-base-1.16.0-2.1.mga7
     - gstreamer1.0-plugins-bad-1.16.0-1.2.mga7
   tainted:
     - gstreamer1.0-plugins-base-1.16.0-2.1.mga7.tainted
     - gstreamer1.0-plugins-bad-1.16.0-1.2.mga7.tainted
  8:
   core:
     - gstreamer1.0-plugins-base-1.18.3-1.1.mga8
     - gstreamer1.0-plugins-bad-1.18.3-1.1.mga8
   tainted:
     - gstreamer1.0-plugins-base-1.18.3-1.1.mga8.tainted
     - gstreamer1.0-plugins-bad-1.18.3-1.1.mga8.tainted
description: |
  GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain
  ID3v2 tags (CVE-2021-3522).
  
  Overflows in AVC/HEVC NAL unit length calculations, which would lead to
  allocating infinite amounts of small memory blocks until OOM and could
  potentially also lead to memory corruptions.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=28977
 - https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/2103
 - https://www.debian.org/security/2021/dsa-4903
 - https://www.debian.org/security/2021/dsa-4902
 - https://ubuntu.com/security/notices/USN-4959-1

CVE: (none) => CVE-2021-3522
CC: (none) => ouaurelien
Keywords: (none) => advisory

Comment 12 David Walser 2021-07-10 17:05:29 CEST
Advisory is wrong, base is not in tainted.

David Walser 2021-07-10 17:06:30 CEST

Keywords: advisory => (none)

Comment 13 Aurelien Oudelet 2021-07-10 18:12:09 CEST
(In reply to David Walser from comment #12)
> Advisory is wrong, base is not in tainted.

Corrected.

type: security
subject: Updated gstreamer1.0-plugins-base and gstreamer1.0-plugins-bad packages
  fix security vulnerabilities
CVE:
 - CVE-2021-3522
src:
  7:
   core:
     - gstreamer1.0-plugins-base-1.16.0-2.1.mga7
     - gstreamer1.0-plugins-bad-1.16.0-1.2.mga7
   tainted:
     - gstreamer1.0-plugins-bad-1.16.0-1.2.mga7.tainted
  8:
   core:
     - gstreamer1.0-plugins-base-1.18.3-1.1.mga8
     - gstreamer1.0-plugins-bad-1.18.3-1.1.mga8
   tainted:
     - gstreamer1.0-plugins-bad-1.18.3-1.1.mga8.tainted
description: |
  GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain
  ID3v2 tags (CVE-2021-3522).
  
  Overflows in AVC/HEVC NAL unit length calculations, which would lead to
  allocating infinite amounts of small memory blocks until OOM and could
  potentially also lead to memory corruptions.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=28977
 - https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/2103
 - https://www.debian.org/security/2021/dsa-4903
 - https://www.debian.org/security/2021/dsa-4902
 - https://ubuntu.com/security/notices/USN-4959-1

Keywords: (none) => advisory

Comment 14 Mageia Robot 2021-07-10 22:01:53 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0334.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

