An integer overflow vulnerability was found when allocating render buffer in vmnc decoder that results into heap buffer overflow. External References: https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-risky-design-decisions-in.html?m=1
Created mingw-gstreamer1 tracking bugs for this issue: Affects: fedora-all [bug 1395771] Affects: epel-7 [bug 1395772]
Created gstreamer tracking bugs for this issue: Affects: fedora-all [bug 1395768]
Created mingw-gstreamer tracking bugs for this issue: Affects: fedora-all [bug 1395770]
Created gstreamer1 tracking bugs for this issue: Affects: fedora-all [bug 1395769]
*** Bug 1396196 has been marked as a duplicate of this bug. ***
Upstream patch: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe CVE assignment: http://openwall.com/lists/oss-security/2016/11/18/13
Mitigation: This mitigation is only required if vulnerable gstreamer-plugins-bad-free and/or gstreamer1-plugins-bad-free packages are installed. For RHEL 7, sudo rm /usr/lib*/gstreamer-1.0/libgstvmnc.so sudo rm /usr/lib*/gstreamer-0.10/libgstvmnc.so For RHEL 6, sudo rm /usr/lib*/gstreamer-0.10/libgstvmnc.so Please note that this mitigation deletes the vulnerable VMware NC decoder, which removes the functionality to play VMware movie files.
Created gstreamer1-plugins-bad-free tracking bugs for this issue: Affects: fedora-all [bug 1399070]
Updates to gstreamer1-plugins-bad-free: f24: https://bodhi.fedoraproject.org/updates/FEDORA-2016-c4004fe99e f25: https://bodhi.fedoraproject.org/updates/FEDORA-2016-a82e35272c
Created gstreamer-plugins-bad-free tracking bugs for this issue: Affects: fedora-all [bug 1400910]
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:2974 https://rhn.redhat.com/errata/RHSA-2016-2974.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:0018 https://rhn.redhat.com/errata/RHSA-2017-0018.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:0021 https://rhn.redhat.com/errata/RHSA-2017-0021.html