+++ This bug was initially created as a clone of Bug #28685 +++ Several issues are fixed upstream in 1.18.4: https://gstreamer.freedesktop.org/releases/1.18/#1.18.4 Debian has issued advisories on April 24: https://www.debian.org/security/2021/dsa-4903 https://www.debian.org/security/2021/dsa-4902 Including fixes for base and bad, which we didn't update in Bug 28685, as they weren't listed in upstream's advisory. Perhaps there were fixes that we missed.
Whiteboard: (none) => MGA7TOOSource RPM: gstreamer1.0-plugins-good-1.18.3-1.mga8.src.rpm, gstreamer1.0-plugins-ugly-1.18.3-1.mga8.src.rpm, gstreamer1.0-libav-1.18.3-1.mga8.src.rpm => gstreamer1.0-plugins-base-1.18.3-1.mga8.src.rpm, gstreamer1.0-plugins-bad-1.18.3-1.mga8.src.rpm
Yes, CVE-2021-3522 was fixed in gstreamer1.0-plugins-base 1.18.4: https://ubuntu.com/security/notices/USN-4959-1
Summary: gstreamer1.0-plugins-base, gstreamer1.0-plugins-bad possible new security issues fixed upstream in 1.18.4 => gstreamer1.0-plugins-base, gstreamer1.0-plugins-bad new security issues fixed upstream in 1.18.4 (including CVE-2021-3522)Severity: normal => major
We have version 1.18.4 in Cauldron. In the light of no registered maintainer, and given the many CVE updates in progress, Jani will excuse me for assigning this bug to him - who has committed all newest versions, and is already CC'd.
CC: jani.valimaa => (none)Assignee: bugsquad => jani.valimaa
Fedora has issued an advisory today (June 16): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FIELJQTRGQZGHBEJDQ7CJYI4DFNWMP74/ It backports a couple more security fixes for plugins-bad.
Summary: gstreamer1.0-plugins-base, gstreamer1.0-plugins-bad new security issues fixed upstream in 1.18.4 (including CVE-2021-3522) => gstreamer1.0-plugins-base, gstreamer1.0-plugins-bad new security issues fixed upstream in 1.18.4 (including CVE-2021-3522 and CVE-2021-3047[35])
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=29144
(In reply to David Walser from comment #3) > Fedora has issued an advisory today (June 16): > https://lists.fedoraproject.org/archives/list/package-announce@lists. > fedoraproject.org/thread/FIELJQTRGQZGHBEJDQ7CJYI4DFNWMP74/ > > It backports a couple more security fixes for plugins-bad. Those CVEs are in dynamically linked libaom (see Bug 29144).
Summary: gstreamer1.0-plugins-base, gstreamer1.0-plugins-bad new security issues fixed upstream in 1.18.4 (including CVE-2021-3522 and CVE-2021-3047[35]) => gstreamer1.0-plugins-base, gstreamer1.0-plugins-bad new security issues fixed upstream in 1.18.4 (including CVE-2021-3522)
Note that gstreamer1.0-plugins-bad is in core and tainted. Updated packages in core/updates_testing: ======================== gstreamer1.0-plugins-base-1.16.0-2.1.mga7 libgstreamer-plugins-base1.0_0-1.16.0-2.1.mga7 libgstreamer-plugins-base-gir1.0-1.16.0-2.1.mga7 libgstgl-gir1.0-1.16.0-2.1.mga7 libgstreamer-plugins-base1.0-devel-1.16.0-2.1.mga7 gstreamer1.0-cdparanoia-1.16.0-2.1.mga7 gstreamer1.0-libvisual-1.16.0-2.1.mga7 libgstgl1.0_0-1.16.0-2.1.mga7 gstreamer1.0-plugins-base-1.18.3-1.1.mga8 libgstreamer-plugins-base1.0_0-1.18.3-1.1.mga8 libgstreamer-plugins-base1.0-devel-1.18.3-1.1.mga8 libgstgl1.0_0-1.18.3-1.1.mga8 libgstreamer-plugins-base-gir1.0-1.18.3-1.1.mga8 gstreamer1.0-cdparanoia-1.18.3-1.1.mga8 libgstgl-gir1.0-1.18.3-1.1.mga8 gstreamer1.0-libvisual-1.18.3-1.1.mga8 Updated packages in {core,tainted}/updates_testing: ======================== gstreamer1.0-plugins-bad-1.16.0-1.2.mga7 libgstphotography1.0_0-1.16.0-1.2.mga7 libgstcodecparsers1.0_0-1.16.0-1.2.mga7 libgstbasecamerabinsrc1.0_0-1.16.0-1.2.mga7 libgstbadaudio1.0_0-1.16.0-1.2.mga7 libgstplayer1.0_0-1.16.0-1.2.mga7 libgstwayland1.0_0-1.16.0-1.2.mga7 libgstinsertbin1.0_0-1.16.0-1.2.mga7 libgstmpegts1.0_0-1.16.0-1.2.mga7 libgsturidownloader1.0_0-1.16.0-1.2.mga7 libgstisoff1.0_0-1.16.0-1.2.mga7 libgstwebrtc1.0_0-1.16.0-1.2.mga7 libgstsctp1.0_0-1.16.0-1.2.mga7 libgstreamer-plugins-bad1.0-devel-1.16.0-1.2.mga7 gstreamer1.0-curl-1.16.0-1.2.mga7 gstreamer1.0-mpeg2enc-1.16.0-1.2.mga7 gstreamer1.0-gme-1.16.0-1.2.mga7 gstreamer1.0-mms-1.16.0-1.2.mga7 gstreamer1.0-rtmp-1.16.0-1.2.mga7 gstreamer1.0-soundtouch-1.16.0-1.2.mga7 gstreamer1.0-libass-1.16.0-1.2.mga7 gstreamer1.0-wildmidi-1.16.0-1.2.mga7 gstreamer1.0-plugins-bad-doc-1.16.0-1.2.mga7 libgstreamer-plugins-bad-gir1.0-1.16.0-1.2.mga7 libgstplayer-gir1.0-1.16.0-1.2.mga7 libgstwebrtc-gir1.0-1.16.0-1.2.mga7 gstreamer1.0-gsm-1.16.0-1.2.mga7 gstreamer1.0-dash-1.16.0-1.2.mga7 gstreamer1.0-fluidsynth-1.16.0-1.2.mga7 gstreamer1.0-ladspa-1.16.0-1.2.mga7 gstreamer1.0-neon-1.16.0-1.2.mga7 gstreamer1.0-ofa-1.16.0-1.2.mga7 gstreamer1.0-sbc-1.16.0-1.2.mga7 gstreamer1.0-smoothstreaming-1.16.0-1.2.mga7 gstreamer1.0-spandsp-1.16.0-1.2.mga7 gstreamer1.0-srtp-1.16.0-1.2.mga7 libgstreamer-plugins-bad1.0-devel-1.18.3-1.1.mga8 libgstcodecparsers1.0_0-1.18.3-1.1.mga8 gstreamer1.0-dash-1.18.3-1.1.mga8 gstreamer1.0-plugins-bad-1.18.3-1.1.mga8 libgstplayer1.0_0-1.18.3-1.1.mga8 libgstmpegts1.0_0-1.18.3-1.1.mga8 gstreamer1.0-curl-1.18.3-1.1.mga8 libgstcodecs1.0_0-1.18.3-1.1.mga8 gstreamer1.0-mpeg2enc-1.18.3-1.1.mga8 gstreamer1.0-transcoder-1.18.3-1.1.mga8 libgstbadaudio1.0_0-1.18.3-1.1.mga8 gstreamer1.0-srtp-1.18.3-1.1.mga8 libgirgstmpegts-gir1.0-1.18.3-1.1.mga8 gstreamer1.0-ladspa-1.18.3-1.1.mga8 gstreamer1.0-smoothstreaming-1.18.3-1.1.mga8 gstreamer1.0-libass-1.18.3-1.1.mga8 libgstwebrtc1.0_0-1.18.3-1.1.mga8 libgsttranscoder1.0_0-1.18.3-1.1.mga8 libgsttranscoder-devel-1.18.3-1.1.mga8 gstreamer1.0-soundtouch-1.18.3-1.1.mga8 gstreamer1.0-rtmp-1.18.3-1.1.mga8 gstreamer1.0-neon-1.18.3-1.1.mga8 libgstbasecamerabinsrc1.0_0-1.18.3-1.1.mga8 libgstphotography1.0_0-1.18.3-1.1.mga8 gstreamer1.0-mms-1.18.3-1.1.mga8 gstreamer1.0-fluidsynth-1.18.3-1.1.mga8 libgsturidownloader1.0_0-1.18.3-1.1.mga8 libgstinsertbin1.0_0-1.18.3-1.1.mga8 gstreamer1.0-sbc-1.18.3-1.1.mga8 gstreamer1.0-gme-1.18.3-1.1.mga8 gstreamer1.0-gsm-1.18.3-1.1.mga8 libgstisoff1.0_0-1.18.3-1.1.mga8 gstreamer1.0-wildmidi-1.18.3-1.1.mga8 libgstplayer-gir1.0-1.18.3-1.1.mga8 libgstwebrtc-gir1.0-1.18.3-1.1.mga8 gstreamer1.0-ofa-1.18.3-1.1.mga8 libgstsctp1.0_0-1.18.3-1.1.mga8 libgstwayland1.0_0-1.18.3-1.1.mga8 libgstbadaudio-gir1.0-1.18.3-1.1.mga8 libgstcodecs-gir1.0-1.18.3-1.1.mga8 libgsttranscoder-gir1.0-1.18.3-1.1.mga8 libgirinsertbin-git1.0-1.18.3-1.1.mga8 from SRPMS: gstreamer1.0-plugins-base-1.16.0-2.1.mga7.src.rpm gstreamer1.0-plugins-bad-1.16.0-1.2.mga7.src.rpm gstreamer1.0-plugins-base-1.18.3-1.1.mga8.src.rpm gstreamer1.0-plugins-bad-1.18.3-1.1.mga8.src.rpm
Assignee: jani.valimaa => qa-bugsCC: (none) => jani.valimaa
Advisory: ======================== Updated gstreamer1.0-plugins-base and gstreamer1.0-plugins bad packages fix security vulnerabilities: GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags (CVE-2021-3522). Overflows in AVC/HEVC NAL unit length calculations, which would lead to allocating infinite amounts of small memory blocks until OOM and could potentially also lead to memory corruptions. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3522 https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/2103 https://www.debian.org/security/2021/dsa-4903 https://www.debian.org/security/2021/dsa-4902 https://ubuntu.com/security/notices/USN-4959-1
Installed and tested without issues. Tested using the totem player on a large variety of files. No regressions. System: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia-current proprietary driver. $ uname -a Linux marte 5.10.45-desktop-2.mga7 #1 SMP Sat Jun 19 15:58:30 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep gst | sort gstreamer1.0-a52dec-1.16.0-1.1.mga7.tainted gstreamer1.0-amrnb-1.16.0-1.1.mga7.tainted gstreamer1.0-cdio-1.16.0-1.1.mga7.tainted gstreamer1.0-cdparanoia-1.16.0-2.1.mga7 gstreamer1.0-dv-1.16.0-1.1.mga7 gstreamer1.0-faad-1.16.0-1.2.mga7.tainted gstreamer1.0-farstream-0.2.8-2.mga7 gstreamer1.0-flac-1.16.0-1.1.mga7 gstreamer1.0-gme-1.16.0-1.2.mga7.tainted gstreamer1.0-gsm-1.16.0-1.2.mga7.tainted gstreamer1.0-gstclutter3-3.0.27-1.mga7 gstreamer1.0-lame-1.16.0-1.1.mga7 gstreamer1.0-libav-1.16.0-1.1.mga7 gstreamer1.0-mms-1.16.0-1.2.mga7.tainted gstreamer1.0-mpeg-1.16.0-1.1.mga7.tainted gstreamer1.0-neon-1.16.0-1.2.mga7.tainted gstreamer1.0-ofa-1.16.0-1.2.mga7.tainted gstreamer1.0-plugins-bad-1.16.0-1.2.mga7.tainted gstreamer1.0-plugins-base-1.16.0-2.1.mga7 gstreamer1.0-plugins-good-1.16.0-1.1.mga7 gstreamer1.0-plugins-ugly-1.16.0-1.1.mga7.tainted gstreamer1.0-pulse-1.16.0-1.1.mga7 gstreamer1.0-rtmp-1.16.0-1.2.mga7.tainted gstreamer1.0-soundtouch-1.16.0-1.2.mga7.tainted gstreamer1.0-soup-1.16.0-1.1.mga7 gstreamer1.0-speex-1.16.0-1.1.mga7 gstreamer1.0-tools-1.16.0-2.mga7 gstreamer1.0-twolame-1.16.0-1.1.mga7 gstreamer1.0-wavpack-1.16.0-1.1.mga7 gstreamer1.0-x264-1.16.0-1.1.mga7.tainted gstreamer1.0-x265-1.16.0-1.2.mga7.tainted lib64clutter-gst3.0_0-3.0.27-1.mga7 lib64gstbadaudio1.0_0-1.16.0-1.2.mga7.tainted lib64gstbasecamerabinsrc1.0_0-1.16.0-1.2.mga7.tainted lib64gstcodecparsers1.0_0-1.16.0-1.2.mga7.tainted lib64gst-gir1.0-1.16.0-2.mga7 lib64gstgl1.0_0-1.16.0-2.1.mga7 lib64gstmpegts1.0_0-1.16.0-1.2.mga7.tainted lib64gstphotography1.0_0-1.16.0-1.2.mga7.tainted lib64gstreamer1.0_0-1.16.0-2.mga7 lib64gstreamer-plugins-base1.0_0-1.16.0-2.1.mga7 lib64gstsctp1.0_0-1.16.0-1.2.mga7.tainted lib64gsturidownloader1.0_0-1.16.0-1.2.mga7.tainted lib64gstwayland1.0_0-1.16.0-1.2.mga7.tainted lib64gstwebrtc1.0_0-1.16.0-1.2.mga7.tainted lib64qt5gstreamer1.0_0-1.2.0-8.mga7 lib64qt5gstreamerquick1.0_0-1.2.0-8.mga7 lib64qt5multimediagsttools5-5.12.6-1.mga7 libgstreamer1.0_0-1.16.0-2.mga7 libgstreamer-plugins-base1.0_0-1.16.0-2.1.mga7 phonon4qt5-gstreamer-4.9.0-6.mga7 phonon-gstreamer-common-4.9.0-6.mga7 qt5-gstreamer-1.2.0-8.mga7
CC: (none) => mageia
Since the end-of-support for Mageia 7 is approaching, I'm giving this update an OK for x86_64 based on comment 7.
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK
Tested the PoC for CVE-2021-3522 from here: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876 Before: $ gst-play-1.0 --verbose --volume=0.0 https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/uploads/086d01c9b66ffe1b9f1cd542708d184a/seg.mp3 Volume: 0% Press 'k' to see a list of keyboard shortcuts. Now playing https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/uploads/086d01c9b66ffe1b9f1cd542708d184a/seg.mp3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: ring-buffer-max-size = 0 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: buffer-size = -1 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: buffer-duration = -1 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: force-sw-decoders = false /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: use-buffering = false /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: download = false /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: uri = https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/uploads/086d01c9b66ffe1b9f1cd542708d184a/seg.mp3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: connection-speed = 0 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: source = "\(GstSoupHTTPSrc\)\ source" /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstTypeFindElement:typefindelement0.GstPad:src: caps = application/x-id3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstTypeFindElement:typefind: force-caps = application/x-id3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0: sink-caps = application/x-id3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0: bitrate = 0 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0: bitrate = 0 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0.GstPad:sink: caps = application/x-id3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0: bitrate = 0 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0: bitrate = 0 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0: bitrate = 0 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0.GstPad:src: caps = application/x-id3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0.GstGhostPad:sink.GstProxyPad:proxypad0: caps = application/x-id3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstTypeFindElement:typefind.GstPad:src: caps = application/x-id3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstID3Demux:id3demux0.GstPad:sink: caps = application/x-id3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstTypeFindElement:typefind.GstPad:sink: caps = application/x-id3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0.GstGhostPad:sink: caps = application/x-id3 Segmentation fault (core dumped) After: $ gst-play-1.0 --verbose --volume=0.0 https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/uploads/086d01c9b66ffe1b9f1cd542708d184a/seg.mp3 Volume: 0% Press 'k' to see a list of keyboard shortcuts. Now playing https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/uploads/086d01c9b66ffe1b9f1cd542708d184a/seg.mp3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: ring-buffer-max-size = 0 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: buffer-size = -1 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: buffer-duration = -1 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: force-sw-decoders = false /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: use-buffering = false /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: download = false /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: uri = https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/uploads/086d01c9b66ffe1b9f1cd542708d184a/seg.mp3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: connection-speed = 0 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0: source = "\(GstSoupHTTPSrc\)\ source" /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstTypeFindElement:typefindelement0.GstPad:src: caps = application/x-id3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstTypeFindElement:typefind: force-caps = application/x-id3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0: sink-caps = application/x-id3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0: bitrate = 0 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0: bitrate = 0 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0.GstPad:sink: caps = application/x-id3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0: bitrate = 0 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0: bitrate = 0 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0: bitrate = 0 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstQueue2:queue2-0.GstPad:src: caps = application/x-id3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0.GstGhostPad:sink.GstProxyPad:proxypad0: caps = application/x-id3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstTypeFindElement:typefind.GstPad:src: caps = application/x-id3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstID3Demux:id3demux0.GstPad:sink: caps = application/x-id3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstTypeFindElement:typefind.GstPad:sink: caps = application/x-id3 /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0.GstGhostPad:sink: caps = application/x-id3 ERROR Could not determine type of stream. for https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/uploads/086d01c9b66ffe1b9f1cd542708d184a/seg.mp3 ERROR debug information: ../gst-libs/gst/tag/gsttagdemux.c(762): gst_tag_demux_sink_event (): /GstPlayBin:playbin/GstURIDecodeBin:uridecodebin0/GstDecodeBin:decodebin0/GstID3Demux:id3demux0 Reached end of play list. So that successfully demonstrates the issue and the fix! That takes care of gstreamer1.0-plugins-base (Mageia 8 x86_64). For gstreamer1.0-plugins-bad, you'd need to test a player using gstreamer1.0-x264 or gstreamer1.0-x265 with an appropriate file.
Test system: i5-2500, Intel graphics, 64-bit Plasma system. Went to install totem, but that wanted to add a bunch of gnome stuff I didn't want on this system, so I installed parole instead. No installation issues with either core or tainted versions. Tested core firts, then updated to tainted. "For gstreamer1.0-plugins-bad, you'd need to test a player using gstreamer1.0-x264 or gstreamer1.0-x265 with an appropriate file." Tested more than one of those that had been produced by Handbrake, as well as some videos that used other codecs, with both core and tainted versions, and all played just fine. Also played a couple of audio files with Clementine. Looks good to go. Validating. Advisory in Comment 6.
Whiteboard: MGA7TOO MGA7-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OKKeywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
type: security subject: Updated gstreamer1.0-plugins-base and gstreamer1.0-plugins-bad packages fix security vulnerabilities CVE: - CVE-2021-3522 src: 7: core: - gstreamer1.0-plugins-base-1.16.0-2.1.mga7 - gstreamer1.0-plugins-bad-1.16.0-1.2.mga7 tainted: - gstreamer1.0-plugins-base-1.16.0-2.1.mga7.tainted - gstreamer1.0-plugins-bad-1.16.0-1.2.mga7.tainted 8: core: - gstreamer1.0-plugins-base-1.18.3-1.1.mga8 - gstreamer1.0-plugins-bad-1.18.3-1.1.mga8 tainted: - gstreamer1.0-plugins-base-1.18.3-1.1.mga8.tainted - gstreamer1.0-plugins-bad-1.18.3-1.1.mga8.tainted description: | GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags (CVE-2021-3522). Overflows in AVC/HEVC NAL unit length calculations, which would lead to allocating infinite amounts of small memory blocks until OOM and could potentially also lead to memory corruptions. references: - https://bugs.mageia.org/show_bug.cgi?id=28977 - https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/2103 - https://www.debian.org/security/2021/dsa-4903 - https://www.debian.org/security/2021/dsa-4902 - https://ubuntu.com/security/notices/USN-4959-1
CVE: (none) => CVE-2021-3522CC: (none) => ouaurelienKeywords: (none) => advisory
Advisory is wrong, base is not in tainted.
Keywords: advisory => (none)
(In reply to David Walser from comment #12) > Advisory is wrong, base is not in tainted. Corrected. type: security subject: Updated gstreamer1.0-plugins-base and gstreamer1.0-plugins-bad packages fix security vulnerabilities CVE: - CVE-2021-3522 src: 7: core: - gstreamer1.0-plugins-base-1.16.0-2.1.mga7 - gstreamer1.0-plugins-bad-1.16.0-1.2.mga7 tainted: - gstreamer1.0-plugins-bad-1.16.0-1.2.mga7.tainted 8: core: - gstreamer1.0-plugins-base-1.18.3-1.1.mga8 - gstreamer1.0-plugins-bad-1.18.3-1.1.mga8 tainted: - gstreamer1.0-plugins-bad-1.18.3-1.1.mga8.tainted description: | GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags (CVE-2021-3522). Overflows in AVC/HEVC NAL unit length calculations, which would lead to allocating infinite amounts of small memory blocks until OOM and could potentially also lead to memory corruptions. references: - https://bugs.mageia.org/show_bug.cgi?id=28977 - https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/2103 - https://www.debian.org/security/2021/dsa-4903 - https://www.debian.org/security/2021/dsa-4902 - https://ubuntu.com/security/notices/USN-4959-1
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0334.html
Status: NEW => RESOLVEDResolution: (none) => FIXED