Bug 1395767 (CVE-2016-9445)
| Summary: | CVE-2016-9445 gstreamer-plugins-bad-free: Integer overflow when allocating render buffer in VMnc decoder | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | bdpepple, bmcclain, bnocera, cfergeau, dblechte, eedri, erik-fedora, jgrulich, lsurette, mgoldboi, michal.skrivanek, otte, rh-spice-bugs, ricardo.arguello, slawomir, srevivo, tuxator, uraeus, victortoso, wtaymans, ykaul, zach |
| Target Milestone: | --- | Keywords: | Reopened, Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-08 03:02:09 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1395768, 1395769, 1395770, 1395771, 1395772, 1399070, 1400820, 1400821, 1400838, 1400839, 1400897, 1400898, 1400910 | ||
| Bug Blocks: | 1395773 | ||
|
Description
Adam Mariš
2016-11-16 15:56:00 UTC
Created mingw-gstreamer1 tracking bugs for this issue: Affects: fedora-all [bug 1395771] Affects: epel-7 [bug 1395772] Created gstreamer tracking bugs for this issue: Affects: fedora-all [bug 1395768] Created mingw-gstreamer tracking bugs for this issue: Affects: fedora-all [bug 1395770] Created gstreamer1 tracking bugs for this issue: Affects: fedora-all [bug 1395769] *** Bug 1396196 has been marked as a duplicate of this bug. *** Upstream patch: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe CVE assignment: http://openwall.com/lists/oss-security/2016/11/18/13 Mitigation: This mitigation is only required if vulnerable gstreamer-plugins-bad-free and/or gstreamer1-plugins-bad-free packages are installed. For RHEL 7, sudo rm /usr/lib*/gstreamer-1.0/libgstvmnc.so sudo rm /usr/lib*/gstreamer-0.10/libgstvmnc.so For RHEL 6, sudo rm /usr/lib*/gstreamer-0.10/libgstvmnc.so Please note that this mitigation deletes the vulnerable VMware NC decoder, which removes the functionality to play VMware movie files. Created gstreamer1-plugins-bad-free tracking bugs for this issue: Affects: fedora-all [bug 1399070] Updates to gstreamer1-plugins-bad-free: f24: https://bodhi.fedoraproject.org/updates/FEDORA-2016-c4004fe99e f25: https://bodhi.fedoraproject.org/updates/FEDORA-2016-a82e35272c Created gstreamer-plugins-bad-free tracking bugs for this issue: Affects: fedora-all [bug 1400910] This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:2974 https://rhn.redhat.com/errata/RHSA-2016-2974.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:0018 https://rhn.redhat.com/errata/RHSA-2017-0018.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:0021 https://rhn.redhat.com/errata/RHSA-2017-0021.html |