diff options
| author | Piotr Brzeziński <piotr@centricular.com> | 2024-04-10 12:27:55 +0200 |
|---|---|---|
| committer | Piotr Brzeziński <piotr@centricular.com> | 2024-04-19 12:37:00 +0200 |
| commit | e3a4e299f056f1d4c4b839397232e43eab4325a1 (patch) | |
| tree | 84213fc6b202cbd65f461415db7833bd480623b4 | |
| parent | 28037a5b734b8f374e3592571e1784e75bcd4090 (diff) | |
security: Move entire section to Markdown
Retains the existing layout to the best of Markdown's abilities. Only downside is that new advisories have to
be manually added to the index page, as it won't be automatically updated anymore.
Part-of: <https://gitlab.freedesktop.org/gstreamer/www/-/merge_requests/104>
59 files changed, 1257 insertions, 1325 deletions
diff --git a/src/copy/gstreamer.css b/src/copy/gstreamer.css index 115a6822..23906bbd 100644 --- a/src/copy/gstreamer.css +++ b/src/copy/gstreamer.css @@ -110,9 +110,35 @@ a.gstnavside-b:hover { text-align: right; } - .task { min-width: 100%; padding-bottom: 12pt; } +/* Markdown-based pages only */ +.markdown table { + border-collapse: collapse; +} + +.markdown td, .markdown th { + border: 1px solid #ccc; + padding: 10px 15px; +} + +.markdown th { + background-color: #f2f2f2; + border-bottom: 2px solid #ccc; + font-weight: bold; +} + +/* A hacky way to get 'vertical' tables (first column = header). + * See security advisory pages for an example. */ +.markdown .vertical-table td:first-child { + background-color: #f2f2f2; + border-right: 2px solid #ccc; + font-weight: bold; +} + +.markdown .vertical-table thead { + display: none; +} diff --git a/src/htdocs/security/HOWTO b/src/htdocs/security/HOWTO index 4077f842..b451cc8a 100644 --- a/src/htdocs/security/HOWTO +++ b/src/htdocs/security/HOWTO @@ -3,13 +3,13 @@ How to enter a new security alert 1) Choose a new Security Advisory Id Format should be YYYY-nnnn, with nnnn incrementing from 001 and 0 padded to 4 digits. YYYY is the year. -2) Copy the alert-template.xml to a new filename - matching the SA id - e.g sa-2016-0001.xml -3) Edit the sa-????.xml file and fill out the details +2) Copy the alert-template.md to a new filename + matching the SA id - e.g sa-2016-0001.md +3) Edit the sa-????.md file and fill out the details 4) Edit Makefile.am, add the new xml file to the ALERTS= entry -5) Edit alerts.xml and add a new xi:include line for the new sa-????.xml file. +5) Edit security.md, add the summary and link to the new advisory -Filling out the advisory XML: +Filling out the advisory .md: * Fill out the various fields. Some details below, but generally copy previous entries. @@ -17,8 +17,7 @@ Filling out the advisory XML: details, impact, mitigation, workarounds, solution and reference entries can hold arbitrary HTML. * The date should be in YYYY-MM-DD HH:MM format -* summary should be a 1 line summary of the issue, and will appear in the list - on the index page +* summary should be a 1 line summary of the issue * affected-versions should provide information about which gstreamer module and version(s) contain the vulnerability. * details is a multiline more detailed summary of the type of vulnerability @@ -30,8 +29,9 @@ Filling out the advisory XML: * workarounds should describe any configuration change which might limit exposure to the vulnerability * solution describes which release(s) of which module(s) removes the vulnerability. -* references is a list of <reference> nodes with a title and content that should - provide links to relevant resources - e.g. - <reference> <title> CVE Database Entry </title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9445">CVE-2016-9445</a> </content> - </reference> +* references is a list of links to relevant resources - e.g. + ### CVE Database Entries + [CVE-2023-40475](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40475) + ### GStreamer 1.22.9 release + [Release Notes](/releases/1.22/#1.22.9) + [GStreamer Plugins Bad 1.22.9](/src/gst-plugins-bad/gst-plugins-bad-1.22.9.tar.xz) diff --git a/src/htdocs/security/Makefile.am b/src/htdocs/security/Makefile.am index 0640aa38..965de328 100644 --- a/src/htdocs/security/Makefile.am +++ b/src/htdocs/security/Makefile.am @@ -1,42 +1,65 @@ NULL = ALERTS = \ - sa-2016-0001.xml \ - sa-2016-0002.xml \ - sa-2019-0001.xml \ - sa-2021-0001.xml \ - sa-2021-0002.xml \ - sa-2021-0003.xml \ - sa-2021-0004.xml \ - sa-2021-0005.xml \ - sa-2022-0001.xml \ - sa-2022-0002.xml \ - sa-2022-0003.xml \ - sa-2022-0004.xml \ - sa-2023-0001.xml \ - sa-2023-0002.xml \ - sa-2023-0003.xml \ - sa-2023-0004.xml \ - sa-2023-0005.xml \ - sa-2023-0006.xml \ - sa-2023-0007.xml \ - sa-2023-0008.xml \ - sa-2023-0009.xml \ - sa-2023-0010.xml \ - sa-2023-0011.xml \ - sa-2024-0001.xml \ + sa-2016-0001.md \ + sa-2016-0002.md \ + sa-2019-0001.md \ + sa-2021-0001.md \ + sa-2021-0002.md \ + sa-2021-0003.md \ + sa-2021-0004.md \ + sa-2021-0005.md \ + sa-2022-0001.md \ + sa-2022-0002.md \ + sa-2022-0003.md \ + sa-2022-0004.md \ + sa-2023-0001.md \ + sa-2023-0002.md \ + sa-2023-0003.md \ + sa-2023-0004.md \ + sa-2023-0005.md \ + sa-2023-0006.md \ + sa-2023-0007.md \ + sa-2023-0008.md \ + sa-2023-0009.md \ + sa-2023-0010.md \ + sa-2023-0011.md \ + sa-2024-0001.md \ $(NULL) -security_pages = $(patsubst %.xml,%.html,$(ALERTS)) - +security_pages = $(patsubst %.md,%.html,$(ALERTS)) all: index.html $(security_pages) -index.html: index.xml index.xsl alerts.xsl alerts.xml $(top_srcdir)/htdocs/page.xsl - xsltproc @XSLTPROC_ARGS@ --xinclude $(srcdir)/index.xsl $(srcdir)/index.xml > $@ +index.html: security.html $(top_srcdir)/htdocs/page.xsl + xsltproc @XSLTPROC_ARGS@ $(srcdir)/index.xml -o $@ --path "$(builddir)" + rm security.html + +security.html: security.md + cmark-gfm @CMARK_ARGS@ $< > $@ -sa-%.html: $(srcdir)/sa-%.xml $(srcdir)/advisory-detail.xsl $(top_srcdir)/htdocs/page.xsl - xsltproc @XSLTPROC_ARGS@ $(srcdir)/advisory-detail.xsl $< > $@ +# We want to go .md -> .html, but we need to use the .xsl page layout template... +# This creates a temporary .xml file, fills it with bare minimum needed to import the layout, +# adds our markdown content converted to HTML and finally runs xsltproc on it. +# Quite janky, but works. +sa-%.html: sa-%.md $(top_srcdir)/htdocs/page.xsl + @echo "<?xml version=\"1.0\"?>" > $@.xml + @echo "<!DOCTYPE xml" >> $@.xml + @echo "[" >> $@.xml + @echo " <!ENTITY % site-entities SYSTEM \"$(top_srcdir)/htdocs/entities.site\">" >> $@.xml + @echo " %site-entities;" >> $@.xml + @echo "]>" >> $@.xml + @echo "<?xml-stylesheet href=\"$(top_srcdir)/htdocs/page.xsl\" type=\"text/xsl\"?>" >> $@.xml + @echo "<page>" >> $@.xml + @echo "<title>GStreamer Security Advisory</title>" >> $@.xml + @echo "<body>" >> $@.xml + @echo "<div class=\"markdown\">" >> $@.xml + @cmark-gfm @CMARK_ARGS@ $< >> $@.xml + @echo "</div>" >> $@.xml + @echo "</body>" >> $@.xml + @echo "</page>" >> $@.xml + xsltproc @XSLTPROC_ARGS@ $@.xml -o $@ --path "$(builddir)" + rm $@.xml built_pages = index.html $(security_pages) diff --git a/src/htdocs/security/advisory-detail.xsl b/src/htdocs/security/advisory-detail.xsl deleted file mode 100644 index 6f465b46..00000000 --- a/src/htdocs/security/advisory-detail.xsl +++ /dev/null @@ -1,68 +0,0 @@ -<?xml version='1.0'?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY nbsp " "> -]> -<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" - version="1.0"> - - <xsl:output method="html"/> - <xsl:include href="../page.xsl" /> - - <xsl:template match="advisory"> - <xsl:call-template name="page"> - - <xsl:with-param name="content"> - <div> - <h1>Security Advisory <xsl:value-of select="id"/> - <xsl:for-each select="alternate-name"> - (<xsl:value-of select="text()"/>) - </xsl:for-each> - </h1> - <div> - <table> - <tr><td><strong>Summary</strong></td> - <td><xsl:copy-of select="summary/node()"/></td> - </tr> - <tr><td><strong>Date</strong></td> - <td><xsl:value-of select="date"/></td> - </tr> - <tr><td valign="top"><strong>Affected Versions</strong></td> - <td><xsl:copy-of select="affected-versions/node()"/></td> - </tr> - <tr><td><strong>ID</strong></td> - <td>GStreamer-SA-<xsl:value-of select="id"/></td> - </tr> - <xsl:for-each select="alternate-name"> - <tr><td><strong><xsl:value-of select="@type"/></strong></td> - <td><xsl:value-of select="text()"/></td></tr> - </xsl:for-each> - <tr><td></td></tr> - </table> - </div> - - <h2>Details</h2> - <xsl:copy-of select="details/node()"/> - <h2>Impact</h2> - <xsl:copy-of select="impact/node()"/> - <h2>Threat mitigation</h2> - <xsl:copy-of select="mitigation/node()"/> - <h2>Workarounds</h2> - <xsl:copy-of select="workarounds/node()"/> - <h2>Solution</h2> - <xsl:copy-of select="solution/node()"/> - <xsl:for-each select="references"> - <div class="references"> - <h2>References</h2> - <xsl:for-each select="reference"> - <h3><xsl:value-of select="title" /></h3> - <div><xsl:copy-of select="content/node()" /></div> - </xsl:for-each> - </div> - </xsl:for-each> - </div> - </xsl:with-param> - </xsl:call-template> - </xsl:template> - -</xsl:stylesheet> diff --git a/src/htdocs/security/alert-template.md b/src/htdocs/security/alert-template.md new file mode 100644 index 00000000..d9d3452f --- /dev/null +++ b/src/htdocs/security/alert-template.md @@ -0,0 +1,41 @@ +# Security Advisory 2024-XXXX <!-- (ZDI-CAN-XXXXX, CVE-2024-XXXX) --> + +<div class="vertical-table"> + +| | | +| ----------------- | ----------------------------------------- | +| Summary | Example summary | +| Date | 2024-04-10 10:00 | +| Affected Versions | GStreamer gst-plugins-XYZ | +| IDs | GStreamer-SA-2024-XXXX<br/>CVE-2024-XXXX | + +</div> + +## Details + +## Impact + +## Threat mitigation + +## Workarounds + +## Solution + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-XXXX](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-XXXX) + +### GStreamer 1.XX.X release + +- [Release Notes](/releases/1.XX/#1.XX.X) +- [GStreamer Plugins XYZ 1.XX.X](/src/gst-plugins-XYZ/gst-plugins-XYZ-1.XX.X.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/XXXX.patch) diff --git a/src/htdocs/security/alert-template.xml b/src/htdocs/security/alert-template.xml deleted file mode 100644 index 1e9f3dbd..00000000 --- a/src/htdocs/security/alert-template.xml +++ /dev/null @@ -1,22 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>ENTER-ID-HERE-EG: 2016-0001</id> -<!-- <alternate-name>CVE-2016-9445</alternate-name> --> -<date>2016-11-23 22:50</date> -<summary>Test security advisory</summary> -<affected-versions>GStreamer gst-plugins-bad</affected-versions> - -<details>Test security advisory</details> -<impact></impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<references> - <reference><title></title><content></content></reference> -</references> -</advisory> diff --git a/src/htdocs/security/alerts.xml b/src/htdocs/security/alerts.xml deleted file mode 100644 index 171851d8..00000000 --- a/src/htdocs/security/alerts.xml +++ /dev/null @@ -1,34 +0,0 @@ -<?xml version="1.0" encoding="UTF-8" ?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<wrapper xmlns:xi="http://www.w3.org/2001/XInclude"> - <alerts> - <xi:include href="sa-2024-0001.xml" parse="xml" /> - <xi:include href="sa-2023-0011.xml" parse="xml" /> - <xi:include href="sa-2023-0010.xml" parse="xml" /> - <xi:include href="sa-2023-0009.xml" parse="xml" /> - <xi:include href="sa-2023-0008.xml" parse="xml" /> - <xi:include href="sa-2023-0007.xml" parse="xml" /> - <xi:include href="sa-2023-0006.xml" parse="xml" /> - <xi:include href="sa-2023-0005.xml" parse="xml" /> - <xi:include href="sa-2023-0004.xml" parse="xml" /> - <xi:include href="sa-2023-0003.xml" parse="xml" /> - <xi:include href="sa-2023-0002.xml" parse="xml" /> - <xi:include href="sa-2023-0001.xml" parse="xml" /> - <xi:include href="sa-2022-0004.xml" parse="xml" /> - <xi:include href="sa-2022-0003.xml" parse="xml" /> - <xi:include href="sa-2022-0002.xml" parse="xml" /> - <xi:include href="sa-2022-0001.xml" parse="xml" /> - <xi:include href="sa-2021-0005.xml" parse="xml" /> - <xi:include href="sa-2021-0004.xml" parse="xml" /> - <xi:include href="sa-2021-0003.xml" parse="xml" /> - <xi:include href="sa-2021-0002.xml" parse="xml" /> - <xi:include href="sa-2021-0001.xml" parse="xml" /> - <xi:include href="sa-2019-0001.xml" parse="xml" /> - <xi:include href="sa-2016-0001.xml" parse="xml" /> - <xi:include href="sa-2016-0002.xml" parse="xml" /> -</alerts> </wrapper> - diff --git a/src/htdocs/security/alerts.xsl b/src/htdocs/security/alerts.xsl deleted file mode 100644 index 189000b8..00000000 --- a/src/htdocs/security/alerts.xsl +++ /dev/null @@ -1,40 +0,0 @@ -<?xml version='1.0'?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY nbsp " "> -]> -<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" - version="1.0"> - - <xsl:output method="html"/> - - <xsl:template match="alerts"> - <p><table width="95%" border="0" cellspacing="0" cellpadding="2"> - <xsl:for-each select="advisory"> - <xsl:sort data-type="text" select="date" order="descending" /> - <xsl:variable name="w3cdtf"> - <xsl:value-of select="substring(date,1,10)"/> - <xsl:text>T</xsl:text> - <xsl:value-of select="substring(date,12,16)"/> - <xsl:text>:00Z</xsl:text> - </xsl:variable> - <xsl:variable name="detail-file"> - <xsl:text>sa-</xsl:text> - <xsl:value-of select='id'/> - <xsl:text>.html</xsl:text> - </xsl:variable> - <tr> - <td valign="top"><h3 id="{$w3cdtf}">GStreamer-SA-<xsl:value-of select="id"/> - <xsl:for-each select="alternate-name"> - (<xsl:value-of select="text()"/>) - </xsl:for-each> - </h3></td> - <td valign="top" align="right"><xsl:value-of select="date"/></td> - </tr> - <tr><td colspan="2"><xsl:copy-of select="summary/node()"/> <a href="{$detail-file}">Details</a> - </td></tr> - </xsl:for-each> - </table></p> - </xsl:template> - -</xsl:stylesheet> diff --git a/src/htdocs/security/index.xml b/src/htdocs/security/index.xml index 294e4acc..5c8f6674 100644 --- a/src/htdocs/security/index.xml +++ b/src/htdocs/security/index.xml @@ -1,6 +1,18 @@ <?xml version="1.0"?> +<!DOCTYPE xml +[ + <!ENTITY security SYSTEM "security.html"> +]> + +<?xml-stylesheet href="../page.xsl" type="text/xsl"?> <page> - <title>GStreamer Security Center</title> - <body> - </body> -</page> +<title>GStreamer Security Center</title> + +<body> + +<div class="markdown"> +&security; +</div> + +</body> +</page>
\ No newline at end of file diff --git a/src/htdocs/security/index.xsl b/src/htdocs/security/index.xsl deleted file mode 100644 index 8ced9ce9..00000000 --- a/src/htdocs/security/index.xsl +++ /dev/null @@ -1,43 +0,0 @@ -<?xml version='1.0'?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY nbsp " "> -]> -<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" - version="1.0"> - - <xsl:output method="html"/> - - <xsl:include href="../page.xsl" /> - <xsl:include href="alerts.xsl" /> - - <xsl:template match="page"> - <xsl:call-template name="page"> - <xsl:with-param name="content"> - <h1>Security Center</h1> - <h2>Security Contacts</h2> - <p> - Security notifications or problems should be reported in <a href="https://gitlab.freedesktop.org/gstreamer">GitLab</a> - by <u><a href="https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/new?issue[confidential]=true">filing an issue</a></u> - and marking it as <i>confidential</i> before submitting it (if you follow the link on the left the confidential checkbox should already be ticked). - </p> - <p> - If you have patches, please attach them to the confidential issue and not via a merge requests, as merge requests are always public immediately. - </p> - <p> - The GStreamer project encourages <a href="https://en.wikipedia.org/wiki/Responsible_disclosure">responsible disclosure</a> - of security issues. - </p> - - <h2>Security Advisories</h2> - <xsl:apply-templates select="document('alerts.xml')" /> - <xsl:apply-templates /> - <!-- copy contents of body verbatim --> - <xsl:copy-of select="body/node()" /> - </xsl:with-param> - <xsl:with-param name="title"> - <xsl:value-of select="title" /> - </xsl:with-param> - </xsl:call-template> - </xsl:template> -</xsl:stylesheet> diff --git a/src/htdocs/security/sa-2016-0001.md b/src/htdocs/security/sa-2016-0001.md new file mode 100644 index 00000000..81df6346 --- /dev/null +++ b/src/htdocs/security/sa-2016-0001.md @@ -0,0 +1,52 @@ +# Security Advisory 2016-0001 (CVE-2016-9445, CVE-2016-9446) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Multiple Issues in VMNC decoder | +| Date | 2016-11-17 16:00 | +| Affected Versions | GStreamer gst-plugins-bad 1.10 < 1.10.1<br/>GStreamer gst-plugins-bad 1.x <= 1.8.3 | +| IDs | GStreamer-SA-2016-0001<br/>CVE-2016-9445<br/>CVE-2016-9446 | + +</div> + +## Details + +The VMNC decoder in gst-plugins-bad contains an integer overflow vulnerability and a failure to initialize output memory. + +## Impact + +If successful, a malicious third party could trigger either a crash in an application decoding a VMNC video stream or an arbitrary code execution with the privileges of the target user. The failure to initialize output memory may result in an information leak. + +## Mitigation + +Exploitation requires the user to access a VMNC stream or file. + +## Workarounds + +The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites, or disable the VMNC decoder plugin by removing the plugin binary file libgstvmnc.so or libgstvmnc.dll. + +## Solution + +The gst-plugins-bad 1.10.1 release addresses the issue. The upcoming gst-plugins-bad 1.8.4 release will also address the issue. People using older branches of GStreamer should apply the patch and recompile, or disable the VMNC plugin. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2016-9445](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9445) +- [CVE-2016-9446](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9446) + +### GStreamer Bugzilla Entry + +- [Bug 774533](https://bugzilla.gnome.org/show_bug.cgi?id=774533) + +### GStreamer Patches + +- [Patch](https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe) +- [Patch 2](https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=807e23118b6b6d99e61b5e2055c4bc82a444b008) diff --git a/src/htdocs/security/sa-2016-0001.xml b/src/htdocs/security/sa-2016-0001.xml deleted file mode 100644 index be51ddd4..00000000 --- a/src/htdocs/security/sa-2016-0001.xml +++ /dev/null @@ -1,48 +0,0 @@ -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> - -<advisory> -<id>2016-0001</id> -<alternate-name type="CVE ID">CVE-2016-9445</alternate-name> -<alternate-name type="CVE ID">CVE-2016-9446</alternate-name> -<date>2016-11-17 16:00</date> -<summary>Multiple Issues in VMNC decoder</summary> -<affected-versions>GStreamer gst-plugins-bad 1.10 < 1.10.1<br/> - GStreamer gst-plugins-bad 1.x <= 1.8.3</affected-versions> - -<details>The VMNC decoder in gst-plugins-bad contains an integer overflow vulnerability, - and a failure to initialise output memory</details> -<impact>If successful, a malicious third party could trigger either a crash in an application - decoding a VMNC video stream, or an arbitrary code execution with the privileges of the target user. - The failure to initialise output memory may result in an information leak. -</impact> -<mitigation>Exploitation requires the user to access a VMNC stream or file.</mitigation> -<workarounds>The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites, or - disable the VMNC decoder plugin by removing the plugin binary file libgstvmnc.so or libgstvmnc.dll</workarounds> -<solution>The gst-plugins-bad 1.10.1 release addresses the issue. The upcoming gst-plugins-bad 1.8.4 release will also address the issue. People using older branches of GStreamer should apply the patch and recompile, or disable the VMNC plugin.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> - <reference> - <title> CVE Database Entries </title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9445">CVE-2016-9445</a> - <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9446">CVE-2016-9446</a> </content> - </reference> - <reference> - <title> GStreamer Bugzilla Entry </title> - <content> <a href="https://bugzilla.gnome.org/show_bug.cgi?id=774533">Bug 774533</a> </content> - </reference> - <reference> - <title> GStreamer Patches </title> - <content> - <a href="https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe">Patch 1</a> - <a href="https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=807e23118b6b6d99e61b5e2055c4bc82a444b008">Patch 2</a> - </content> - </reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2016-0002.md b/src/htdocs/security/sa-2016-0002.md new file mode 100644 index 00000000..b0d359ec --- /dev/null +++ b/src/htdocs/security/sa-2016-0002.md @@ -0,0 +1,58 @@ +# Security Advisory 2016-0002 (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9807) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Multiple Issues in FLC/FLI/FLX Decoder | +| Date | 2016-11-23 03:00 | +| Affected Versions | GStreamer gst-plugins-bad 1.10 < 1.10.2<br/>GStreamer gst-plugins-bad 1.x <= 1.8.3 | +| IDs | GStreamer-SA-2016-0002<br/>CVE-2016-9634<br/>CVE-2016-9635<br/>CVE-2016-9636<br/>CVE-2016-9807 | + +</div> + +## Details + +The decoder for the FLC/FLI/FLX animation video formats in gst-plugins-good contains various out-of-bounds writes and reads and fails to initialize output frame memory. + +## Impact + +If successful, a malicious third party could trigger either a crash in an application decoding a FLC/FLI/FLX video stream or an arbitrary code execution with the privileges of the target user. The failure to initialize output memory may result in an information leak. + +## Threat Mitigation + +Exploitation requires the user to access an FLC/FLI/FLX stream or file. + +## Workarounds + +The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites, or disable the FLC/FLI/FLX decoder plugin by removing the plugin binary file libgstflxdec.so or libgstflxdec.dll. + +## Solution + +The gst-plugins-bad 1.10.2 release addresses the issue. The upcoming gst-plugins-bad 1.8.4 release will also address the issue. People using older branches of GStreamer should apply the patch and recompile or disable the FLC/FLI/FLX plugin. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2016-9634](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9634) +- [CVE-2016-9635](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9635) +- [CVE-2016-9636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9636) +- [CVE-2016-9807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9807) + +### GStreamer Bugzilla Entries + +- [Bug 774834](https://bugzilla.gnome.org/show_bug.cgi?id=774834) +- [Bug 774859](https://bugzilla.gnome.org/show_bug.cgi?id=774859) + +### GStreamer Patches + +- [Patch 1](https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac) +- [Patch 2](https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2) +- [Patch 3](https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9) +- [Patch 4](https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff) +- [Patch 5](https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=96aaf889afe90b5e02ec756af5c6c7000d2cc424) diff --git a/src/htdocs/security/sa-2016-0002.xml b/src/htdocs/security/sa-2016-0002.xml deleted file mode 100644 index 20496262..00000000 --- a/src/htdocs/security/sa-2016-0002.xml +++ /dev/null @@ -1,56 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2016-0002</id> -<alternate-name>CVE-2016-9634</alternate-name> -<alternate-name>CVE-2016-9635</alternate-name> -<alternate-name>CVE-2016-9636</alternate-name> -<alternate-name>CVE-2016-9807</alternate-name> -<date>2016-11-23 03:00</date> -<summary>Multiple Issues in FLC/FLI/FLX Decoder</summary> -<affected-versions>GStreamer gst-plugins-bad 1.10 < 1.10.2<br/> - GStreamer gst-plugins-bad 1.x <= 1.8.3</affected-versions> - -<details>The decoder for the FLC/FLI/FLX animation video formats in gst-plugins-good contains various out-of-bounds writes and reads and fails to initialise output frame memory</details> -<impact>If successful, a malicious third party could trigger either a crash in an application - decoding a FLC/FLI/FLX video stream, or an arbitrary code execution with the privileges of the target user. - The failure to initialise output memory may result in an information leak.</impact> -<mitigation>Exploitation requires the user to access a FLC/FLI/FLX stream or file.</mitigation> -<workarounds>The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites, or - disable the FLC/FLI/FLX decoder plugin by removing the plugin binary file libgstflxdec.so or libgstflxdec.dll</workarounds> -<solution>The gst-plugins-bad 1.10.2 release addresses the issue. The upcoming gst-plugins-bad 1.8.4 release will also address the issue. People using older branches of GStreamer should apply the patch and recompile, or disable the FLC/FLI/FLX plugin.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> - <reference> - <title> CVE Database Entries </title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9634">CVE-2016-9634</a> - <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9635">CVE-2016-9635</a> - <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9636">CVE-2016-9636</a> - <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9807">CVE-2016-9807</a></content> - </reference> - <reference> - <title> GStreamer Bugzilla Entries </title> - <content> - <a href="https://bugzilla.gnome.org/show_bug.cgi?id=774834">Bug 774834</a> - <a href="https://bugzilla.gnome.org/show_bug.cgi?id=774859">Bug 774859</a> - </content> - </reference> - <reference> - <title> GStreamer Patches </title> - <content> - <a href="https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac">Patch 1</a> - <a href="https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2">Patch 2</a> - <a href="https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9">Patch 3</a> - <a href="https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff">Patch 4</a> - <a href="https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=96aaf889afe90b5e02ec756af5c6c7000d2cc424">Patch 5</a> - </content> - </reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2019-0001.md b/src/htdocs/security/sa-2019-0001.md new file mode 100644 index 00000000..c1662cec --- /dev/null +++ b/src/htdocs/security/sa-2019-0001.md @@ -0,0 +1,51 @@ +# Security Advisory 2019-0001 (CVE-2019-9928) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Buffer overflow in RTSP parsing | +| Date | 2019-04-22 00:30 | +| Affected Versions | GStreamer gst-plugins-bad | +| IDs | GStreamer-SA-2019-0001<br/>CVE-2019-9928 | + +</div> + +## Details + +GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server. + +## Impact + +The potential exists for a malicious server to trigger remote code execution in a connecting client. + +## Threat mitigation + +Exploitation requires the user to access a malicious RTSP server. + +## Workarounds + +The user should refrain from opening RTSP streams from untrusted third parties + +## Solution + +The gst-plugins-base 1.16.0 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2019-9928](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9928) + +### GStreamer 1.16.0 release + +- [Release Notes](/releases/1.16/) +- [GStreamer Plugins Base 1.16.0](/src/gst-plugins-base/gst-plugins-base-1.16.0.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/merge_requests/157) diff --git a/src/htdocs/security/sa-2019-0001.xml b/src/htdocs/security/sa-2019-0001.xml deleted file mode 100644 index 0d1a419e..00000000 --- a/src/htdocs/security/sa-2019-0001.xml +++ /dev/null @@ -1,34 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2019-0001</id> -<alternate-name>CVE-2019-9928</alternate-name> -<date>2019-04-22 00:30</date> -<summary>Buffer overflow in RTSP parsing</summary> -<affected-versions>GStreamer gst-plugins-bad</affected-versions> - -<details>GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server.</details> -<impact>The potential exists for a malicious server to trigger remote code execution in a connecting client.</impact> -<mitigation>Exploitation requires the user to access a malicious RTSP server.</mitigation> -<workarounds>The user should refrain from opening RTSP streams from untrusted third parties</workarounds> -<solution></solution> -<solution>The gst-plugins-base 1.16.0 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> - <reference> - <title> CVE Database Entries </title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9928">CVE-2019-9928</a> </content> - </reference> - <reference><title>GStreamer 1.16.0 release</title> <content><a href="https://gstreamer.freedesktop.org/releases/1.16/">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-base-1.16.0.tar.xz">GStreamer Plugins Base 1.16.0</a></content></reference> - - <reference><title>Patches</title> <content><a href="https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/merge_requests/157">Patch 1</a></content></reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2021-0001.md b/src/htdocs/security/sa-2021-0001.md new file mode 100644 index 00000000..8ac3897e --- /dev/null +++ b/src/htdocs/security/sa-2021-0001.md @@ -0,0 +1,39 @@ +# Security Advisory 2021-0001 (CVE-2021-3522) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Out-of-bounds read in ID3v2 tag parsing | +| Date | 2021-03-15 16:00 | +| Affected Versions | GStreamer gst-plugins-base 1.x <= 1.18.3, 0.10.36 | +| IDs | GStreamer-SA-2021-0001<br/>CVE-2021-3522 | + +</div> + +## Details + +GStreamer before 1.18.4 might do an out-of-bounds read when handling certain ID3v2 tags. + +## Impact + +It might be possible for a malicious third party to trigger a crash in the application. + +## Solution + +The gst-plugins-base 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### GStreamer 1.18.4 release + +- [Release Notes](/releases/1.18/#1.18.4) +- [GStreamer Plugins Base 1.18.4](/src/gst-plugins-base/gst-plugins-base-1.18.4.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/8a88e5c1db05ebadfd4569955f6f47c23cdca3c4?merge_request_iid=1066) diff --git a/src/htdocs/security/sa-2021-0001.xml b/src/htdocs/security/sa-2021-0001.xml deleted file mode 100644 index 465b93c7..00000000 --- a/src/htdocs/security/sa-2021-0001.xml +++ /dev/null @@ -1,36 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2021-0001</id> -<alternate-name>CVE-2021-3522</alternate-name> -<date>2021-03-15 16:00</date> -<summary>Out-of-bounds read in ID3v2 tag parsing</summary> -<affected-versions>GStreamer gst-plugins-base 1.x <= 1.18.3, 0.10.36</affected-versions> - -<details>GStreamer before 1.18.4 might do an out-of-bounds read when handling certain ID3v2 tags.</details> -<impact>It might be possible for a malicious third party to trigger a crash in the application.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-plugins-base 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> -<!-- - <reference> - <title> CVE Database Entries </title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-XXXX">CVE-2021-XXXX</a> </content> - </reference> ---> - <reference><title>GStreamer 1.18.4 release</title> <content><a href="https://gstreamer.freedesktop.org/releases/1.18/#1.18.4">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-base-1.18.4.tar.xz">GStreamer Plugins Base 1.18.4</a></content></reference> - - <reference><title>Patches</title> <content><a href="https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/8a88e5c1db05ebadfd4569955f6f47c23cdca3c4?merge_request_iid=1066">Patch 1</a></content></reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2021-0002.md b/src/htdocs/security/sa-2021-0002.md new file mode 100644 index 00000000..598ac022 --- /dev/null +++ b/src/htdocs/security/sa-2021-0002.md @@ -0,0 +1,43 @@ +# Security Advisory 2021-0002 (CVE-2021-3497) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Use-after-free in matroska demuxing | +| Date | 2021-03-15 16:00 | +| Affected Versions | GStreamer gst-plugins-good 1.x <= 1.18.3, 0.10.x > 0.10.8 | +| IDs | GStreamer-SA-2021-0002<br/>CVE-2021-3497 | + +</div> + +## Details + +GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. + +## Impact + +It might be possible for a malicious third party to trigger a crash in the application, but possibly also an arbitrary code execution with the privileges of the target user. + +## Solution + +The gst-plugins-good 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2021-3497](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3497) + +### GStreamer 1.18.4 release + +- [Release Notes](/releases/1.18/#1.18.4) +- [GStreamer Plugins Good 1.18.4](/src/gst-plugins-good/gst-plugins-good-1.18.4.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/9181191511f9c0be6a89c98b311f49d66bd46dc3?merge_request_id=903) diff --git a/src/htdocs/security/sa-2021-0002.xml b/src/htdocs/security/sa-2021-0002.xml deleted file mode 100644 index 7a959013..00000000 --- a/src/htdocs/security/sa-2021-0002.xml +++ /dev/null @@ -1,34 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2021-0002</id> -<alternate-name>CVE-2021-3497</alternate-name> -<date>2021-03-15 16:00</date> -<summary>Use-after-free in matroska demuxing</summary> -<affected-versions>GStreamer gst-plugins-good 1.x <= 1.18.3, 0.10.x > 0.10.8</affected-versions> - -<details>GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.</details> -<impact>It might be possible for a malicious third party to trigger a crash in the application, but possibly also an arbitrary code execution with the privileges of the target user.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-plugins-good 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> - <reference> - <title> CVE Database Entries </title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3497">CVE-2021-3497</a> </content> - </reference> - <reference><title>GStreamer 1.18.4 release</title> <content><a href="https://gstreamer.freedesktop.org/releases/1.18/#1.18.4">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-1.18.4.tar.xz">GStreamer Plugins Good 1.18.4</a></content></reference> - - <reference><title>Patches</title> <content><a href="https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/9181191511f9c0be6a89c98b311f49d66bd46dc3?merge_request_iid=903">Patch 1</a></content></reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2021-0003.md b/src/htdocs/security/sa-2021-0003.md new file mode 100644 index 00000000..713406e6 --- /dev/null +++ b/src/htdocs/security/sa-2021-0003.md @@ -0,0 +1,43 @@ +# Security Advisory 2021-0003 (CVE-2021-3498) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Heap corruption in matroska demuxing | +| Date | 2021-03-15 16:00 | +| Affected Versions | GStreamer gst-plugins-good 1.x <= 1.18.3 | +| IDs | GStreamer-SA-2021-0003<br/>CVE-2021-3498 | + +</div> + +## Details + +GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files. + +## Impact + +It might be possible for a malicious third party to trigger a crash in the application, but possibly also an arbitrary code execution with the privileges of the target user. + +## Solution + +The gst-plugins-good 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2021-3498](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3498) + +### GStreamer 1.18.4 release + +- [Release Notes](/releases/1.18/#1.18.4) +- [GStreamer Plugins Good 1.18.4](/src/gst-plugins-good/gst-plugins-good-1.18.4.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0?merge_request_iid=903) diff --git a/src/htdocs/security/sa-2021-0003.xml b/src/htdocs/security/sa-2021-0003.xml deleted file mode 100644 index ecde5375..00000000 --- a/src/htdocs/security/sa-2021-0003.xml +++ /dev/null @@ -1,34 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2021-0003</id> -<alternate-name>CVE-2021-3498</alternate-name> -<date>2021-03-15 16:00</date> -<summary>Heap corruption in matroska demuxing</summary> -<affected-versions>GStreamer gst-plugins-good 1.x <= 1.18.3</affected-versions> - -<details>GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.</details> -<impact>It might be possible for a malicious third party to trigger a crash in the application, but possibly also an arbitrary code execution with the privileges of the target user.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-plugins-good 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> - <reference> - <title> CVE Database Entries </title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3498">CVE-2021-3498</a> </content> - </reference> - <reference><title>GStreamer 1.18.4 release</title> <content><a href="https://gstreamer.freedesktop.org/releases/1.18/#1.18.4">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-1.18.4.tar.xz">GStreamer Plugins Good 1.18.4</a></content></reference> - - <reference><title>Patches</title> <content><a href="https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0?merge_request_iid=903">Patch 1</a></content></reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2021-0004.md b/src/htdocs/security/sa-2021-0004.md new file mode 100644 index 00000000..18a4c72c --- /dev/null +++ b/src/htdocs/security/sa-2021-0004.md @@ -0,0 +1,39 @@ +# Security Advisory 2021-0004 + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Out-of-bounds read in realmedia demuxing | +| Date | 2021-03-15 16:00 | +| Affected Versions | GStreamer gst-plugins-ugly 1.x <= 1.18.3 | +| ID | GStreamer-SA-2021-0004 | + +</div> + +## Details + +GStreamer before 1.18.4 might do an out-of-bounds read when handling certain RealMedia files or streams. + +## Impact + +It might be possible for a malicious third party to trigger a crash in the application. + +## Solution + +The gst-plugins-ugly 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### GStreamer 1.18.4 release + +- [Release Notes](/releases/1.18/#1.18.4) +- [GStreamer Plugins Ugly 1.18.4](/src/gst-plugins-ugly/gst-plugins-ugly-1.18.4.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/9726aaf78e6643a5955864f444852423de58de29?merge_request_iid=75) diff --git a/src/htdocs/security/sa-2021-0004.xml b/src/htdocs/security/sa-2021-0004.xml deleted file mode 100644 index 3c857030..00000000 --- a/src/htdocs/security/sa-2021-0004.xml +++ /dev/null @@ -1,36 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2021-0004</id> -<!-- <alternate-name>CVE-2021-XXXX</alternate-name> --> -<date>2021-03-15 16:00</date> -<summary>Out-of-bounds read in realmedia demuxing</summary> -<affected-versions>GStreamer gst-plugins-ugly 1.x <= 1.18.3</affected-versions> - -<details>GStreamer before 1.18.4 might do an out-of-bounds read when handling certain RealMedia files or streams.</details> -<impact>It might be possible for a malicious third party to trigger a crash in the application.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-plugins-ugly 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> -<!-- - <reference> - <title> CVE Database Entries </title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-XXXX">CVE-2021-XXXX</a> </content> - </reference> ---> - <reference><title>GStreamer 1.18.4 release</title> <content><a href="https://gstreamer.freedesktop.org/releases/1.18/#1.18.4">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-1.18.4.tar.xz">GStreamer Plugins Ugly 1.18.4</a></content></reference> - - <reference><title>Patches</title> <content><a href="https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/9726aaf78e6643a5955864f444852423de58de29?merge_request_iid=75">Patch 1</a></content></reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2021-0005.md b/src/htdocs/security/sa-2021-0005.md new file mode 100644 index 00000000..482c1556 --- /dev/null +++ b/src/htdocs/security/sa-2021-0005.md @@ -0,0 +1,39 @@ +# Security Advisory 2021-0005 + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Stack overflow in gst\_ffmpeg\_channel\_layout\_to\_gst() | +| Date | 2021-03-15 16:00 | +| Affected Versions | GStreamer gst-libav 1.x <= 1.18.3 | +| ID | GStreamer-SA-2021-0005 | + +</div> + +## Details + +GStreamer before 1.18.4 might cause stack corruptions with streams that have more than 64 audio channels. + +## Impact + +It might be possible for a malicious third party to trigger a crash in the application. + +## Solution + +The gst-libav 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### GStreamer 1.18.4 release + +- [Release Notes](/releases/1.18/#1.18.4) +- [GStreamer plugin for the FFmpeg libav* libraries 1.18.4](/src/gst-libav/gst-libav-1.18.4.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/a339f8f9641382b92b43e6d146bdc5d87a9704f8?merge_request_iid=121) diff --git a/src/htdocs/security/sa-2021-0005.xml b/src/htdocs/security/sa-2021-0005.xml deleted file mode 100644 index e32ab632..00000000 --- a/src/htdocs/security/sa-2021-0005.xml +++ /dev/null @@ -1,36 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2021-0005</id> -<!-- <alternate-name>CVE-2021-XXXX</alternate-name> --> -<date>2021-03-15 16:00</date> -<summary>Stack overflow in gst_ffmpeg_channel_layout_to_gst()</summary> -<affected-versions>GStreamer gst-libav 1.x <= 1.18.3</affected-versions> - -<details>GStreamer before 1.18.4 might cause stack corruptions with streams that have more than 64 audio channels</details> -<impact>It might be possible for a malicious third party to trigger a crash in the application.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-libav 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> -<!-- - <reference> - <title> CVE Database Entries </title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-XXXX">CVE-2021-XXXX</a> </content> - </reference> ---> - <reference><title>GStreamer 1.18.4 release</title> <content><a href="https://gstreamer.freedesktop.org/releases/1.18/#1.18.4">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-1.18.4.tar.xz">GStreamer plugin for the FFmpeg libav* libraries 1.18.4</a></content></reference> - - <reference><title>Patches</title> <content><a href="https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/a339f8f9641382b92b43e6d146bdc5d87a9704f8?merge_request_iid=121">Patch 1</a></content></reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2022-0001.md b/src/htdocs/security/sa-2022-0001.md new file mode 100644 index 00000000..a3056e9a --- /dev/null +++ b/src/htdocs/security/sa-2022-0001.md @@ -0,0 +1,43 @@ +# Security Advisory 2022-0001 (CVE-2022-1921) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Heap overwrite in avi demuxing | +| Date | 2022-06-15 23:00 | +| Affected Versions | GStreamer gst-plugins-good 1.x < 1.20.3, 0.10.x | +| IDs | GStreamer-SA-2022-0001<br/>CVE-2022-1921 | + +</div> + +## Details + +Heap-based buffer overflow in the avi demuxer when handling certain AVI files in GStreamer versions before 1.20.3. + +## Impact + +It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation. + +## Solution + +The gst-plugins-good 1.20.3 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2022-1921](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1921) + +### GStreamer 1.20.3 release + +- [Release Notes](/releases/1.20/#1.20.3) +- [GStreamer Plugins Good 1.20.3](/src/gst-plugins-good/gst-plugins-good-1.20.3.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f503caad676971933dc0b52c4b313e5ef0d6dbb0.patch) diff --git a/src/htdocs/security/sa-2022-0001.xml b/src/htdocs/security/sa-2022-0001.xml deleted file mode 100644 index 89830d4e..00000000 --- a/src/htdocs/security/sa-2022-0001.xml +++ /dev/null @@ -1,43 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2022-0001</id> -<alternate-name>CVE-2022-1921</alternate-name> -<date>2022-06-15 23:00</date> -<summary>Heap overwrite in avi demuxing</summary> -<affected-versions>GStreamer gst-plugins-good 1.x < 1.20.3, 0.10.x</affected-versions> - -<details>Heap-based buffer overflow in the avi demuxer when handling certain AVI files in GStreamer versions before 1.20.3.</details> -<impact>It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-plugins-good 1.20.3 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> - <reference> - <title> CVE Database Entries </title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1921">CVE-2022-1921</a> </content> - </reference> - <reference> - <title>GStreamer 1.20.3 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.20/#1.20.3">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-1.20.3.tar.xz">GStreamer Plugins Good 1.20.3</a> - </content> - </reference> - - <reference> - <title>Patches</title> - <content> - <a href="https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f503caad676971933dc0b52c4b313e5ef0d6dbb0.patch">Patch 1</a></content> - </reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2022-0002.md b/src/htdocs/security/sa-2022-0002.md new file mode 100644 index 00000000..899396b3 --- /dev/null +++ b/src/htdocs/security/sa-2022-0002.md @@ -0,0 +1,46 @@ +# Security Advisory 2022-0002 (CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Potential heap overwrite in mkv demuxing using zlib/bz2/lzo decompression | +| Date | 2022-06-15 23:00 | +| Affected Versions | GStreamer gst-plugins-good 1.x < 1.20.3, 0.10.x | +| IDs | GStreamer-SA-2022-0002<br/>CVE-2022-1922<br/>CVE-2022-1923<br/>CVE-2022-1924<br/>CVE-2022-1925 | + +</div> + +## Details + +Potential heap overwrite in the mkv demuxer when handling certain Matroska/WebM files in GStreamer versions before 1.20.3. + +## Impact + +It is possible for a malicious third party to trigger a crash in the application, and possibly also overwrite data on the heap. + +## Solution + +The gst-plugins-good 1.20.3 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2022-1922](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1922) +- [CVE-2022-1923](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1923) +- [CVE-2022-1924](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1924) +- [CVE-2022-1925](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1925) + +### GStreamer 1.20.3 release + +- [Release Notes](/releases/1.20/#1.20.3) +- [GStreamer Plugins Good 1.20.3](/src/gst-plugins-good/gst-plugins-good-1.20.3.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966.patch) diff --git a/src/htdocs/security/sa-2022-0002.xml b/src/htdocs/security/sa-2022-0002.xml deleted file mode 100644 index 3efacbbb..00000000 --- a/src/htdocs/security/sa-2022-0002.xml +++ /dev/null @@ -1,49 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2022-0002</id> -<alternate-name>CVE-2022-1922</alternate-name> -<alternate-name>CVE-2022-1923</alternate-name> -<alternate-name>CVE-2022-1924</alternate-name> -<alternate-name>CVE-2022-1925</alternate-name> -<date>2022-06-15 23:00</date> -<summary>Potential heap overwrite in mkv demuxing using zlib/bz2/lzo decompression</summary> -<affected-versions>GStreamer gst-plugins-good 1.x < 1.20.3, 0.10.x</affected-versions> - -<details>Potential heap overwrite in the mkv demuxer when handling certain Matroska/WebM files in GStreamer versions before 1.20.3.</details> -<impact>It is possible for a malicious third party to trigger a crash in the application, and possibly also overwrite data on the heap.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-plugins-good 1.20.3 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> - <reference> - <title> CVE Database Entries </title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1922">CVE-2022-1922</a> </content> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1923">CVE-2022-1923</a> </content> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1924">CVE-2022-1924</a> </content> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1925">CVE-2022-1925</a> </content> - </reference> - <reference> - <title>GStreamer 1.20.3 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.20/#1.20.3">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-1.20.3.tar.xz">GStreamer Plugins Good 1.20.3</a> - </content> - </reference> - - <reference> - <title>Patches</title> - <content> - <a href="https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966.patch">Patch 1</a></content> - </reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2022-0003.md b/src/htdocs/security/sa-2022-0003.md new file mode 100644 index 00000000..22e7625a --- /dev/null +++ b/src/htdocs/security/sa-2022-0003.md @@ -0,0 +1,43 @@ +# Security Advisory 2022-0003 (CVE-2022-2122) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Potential heap overwrite in mp4 demuxing using zlib decompression | +| Date | 2022-06-15 23:00 | +| Affected Versions | GStreamer gst-plugins-good 1.x < 1.20.3, 0.10.x | +| IDs | GStreamer-SA-2022-0003<br/>CVE-2022-2122 | + +</div> + +## Details + +Potential heap overwrite in the qt demuxer when handling certain QuickTime/MP4 files in GStreamer versions before 1.20.3. + +## Impact + +It is possible for a malicious third party to trigger a crash in the application, and possibly also overwrite data on the heap. + +## Solution + +The gst-plugins-good 1.20.3 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2022-2122](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2122) + +### GStreamer 1.20.3 release + +- [Release Notes](/releases/1.20/#1.20.3) +- [GStreamer Plugins Good 1.20.3](/src/gst-plugins-good/gst-plugins-good-1.20.3.tar.xz) + +### Patches + +- [Patch 1](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/14d306da6da51a762c4dc701d161bb52ab66d774.patch) diff --git a/src/htdocs/security/sa-2022-0003.xml b/src/htdocs/security/sa-2022-0003.xml deleted file mode 100644 index 6ba66689..00000000 --- a/src/htdocs/security/sa-2022-0003.xml +++ /dev/null @@ -1,43 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2022-0003</id> -<alternate-name>CVE-2022-2122</alternate-name> -<date>2022-06-15 23:00</date> -<summary>Potential heap overwrite in mp4 demuxing using zlib decompression</summary> -<affected-versions>GStreamer gst-plugins-good 1.x < 1.20.3, 0.10.x</affected-versions> - -<details>Potential heap overwrite in the qt demuxer when handling certain QuickTime/MP4 files in GStreamer versions before 1.20.3.</details> -<impact>It is possible for a malicious third party to trigger a crash in the application, and possibly also overwrite data on the heap.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-plugins-good 1.20.3 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> - <reference> - <title> CVE Database Entries </title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2122">CVE-2022-2122</a> </content> - </reference> - <reference> - <title>GStreamer 1.20.3 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.20/#1.20.3">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-1.20.3.tar.xz">GStreamer Plugins Good 1.20.3</a> - </content> - </reference> - - <reference> - <title>Patches</title> - <content> - <a href="https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/14d306da6da51a762c4dc701d161bb52ab66d774.patch">Patch 1</a></content> - </reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2022-0004.md b/src/htdocs/security/sa-2022-0004.md new file mode 100644 index 00000000..165d25a5 --- /dev/null +++ b/src/htdocs/security/sa-2022-0004.md @@ -0,0 +1,43 @@ +# Security Advisory 2022-0004 (CVE-2022-1920) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Potential heap overwrite in gst\_matroska\_demux\_add\_wvpk\_header | +| Date | 2022-06-15 23:00 | +| Affected Versions | GStreamer gst-plugins-good 1.x < 1.20.3, 0.10.x | +| IDs | GStreamer-SA-2022-0004<br/>CVE-2022-1920 | + +</div> + +## Details + +Potential heap overwrite in the mkv demuxer when handling certain Matroska files in GStreamer versions before 1.20.3. + +## Impact + +It is possible for a malicious third party to overwrite data on the heap, and possibly even effect code execution. + +## Solution + +The gst-plugins-good 1.20.3 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2022-1920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1920) + +### GStreamer 1.20.3 release + +- [Release Notes](/releases/1.20/#1.20.3) +- [GStreamer Plugins Good 1.20.3](/src/gst-plugins-good/gst-plugins-good-1.20.3.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/cf887f1b8e228bff6e19829e6d03995d70ad739d.patch) diff --git a/src/htdocs/security/sa-2022-0004.xml b/src/htdocs/security/sa-2022-0004.xml deleted file mode 100644 index f37368f2..00000000 --- a/src/htdocs/security/sa-2022-0004.xml +++ /dev/null @@ -1,43 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2022-0004</id> -<alternate-name>CVE-2022-1920</alternate-name> -<date>2022-06-15 23:00</date> -<summary>Potential heap overwrite in gst_matroska_demux_add_wvpk_header</summary> -<affected-versions>GStreamer gst-plugins-good 1.x < 1.20.3, 0.10.x</affected-versions> - -<details>Potential heap overwrite in the mkv demuxer when handling certain Matroska files in GStreamer versions before 1.20.3.</details> -<impact>It is possible for a malicious third party to overwrite data on the heap, and possibly even effect code execution.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-plugins-good 1.20.3 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> - <reference> - <title> CVE Database Entries </title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1922">CVE-2022-1920</a> </content> - </reference> - <reference> - <title>GStreamer 1.20.3 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.20/#1.20.3">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-1.20.3.tar.xz">GStreamer Plugins Good 1.20.3</a> - </content> - </reference> - - <reference> - <title>Patches</title> - <content> - <a href="https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/cf887f1b8e228bff6e19829e6d03995d70ad739d.patch">Patch 1</a></content> - </reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2023-0001.md b/src/htdocs/security/sa-2023-0001.md new file mode 100644 index 00000000..2f2ea2ca --- /dev/null +++ b/src/htdocs/security/sa-2023-0001.md @@ -0,0 +1,48 @@ +# Security Advisory 2023-0001 (ZDI-CAN-20775, CVE-2023-37327) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Integer overflow leading to heap overwrite in FLAC image tag handling | +| Date | 2023-06-20 18:00 | +| Affected Versions | GStreamer gst-plugins-good 1.x < 1.22.4, 1.x < 1.20.7, 0.10.x | +| IDs | GStreamer-SA-2023-0001<br/>ZDI-CAN-20775<br/>CVE-2023-37327 | + +</div> + +## Details + +Heap-based buffer overflow in the FLAC parser when handling malformed image tags in GStreamer versions before 1.22.4 / 1.20.7. + +## Impact + +It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation. + +## Solution + +The gst-plugins-good 1.22.4 / 1.20.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2023-37327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37327) + +### GStreamer 1.22.4 release + +- [Release Notes](/releases/1.22/#1.22.4) +- [GStreamer Plugins Good 1.22.4](/src/gst-plugins-good/gst-plugins-good-1.22.4.tar.xz) + +### GStreamer 1.20.7 release + +- [Release Notes](/releases/1.20/#1.20.7) +- [GStreamer Plugins Good 1.20.7](/src/gst-plugins-good/gst-plugins-good-1.20.7.tar.xz) + +### Patches + +- [Patches](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4894.patch) diff --git a/src/htdocs/security/sa-2023-0001.xml b/src/htdocs/security/sa-2023-0001.xml deleted file mode 100644 index b15757ae..00000000 --- a/src/htdocs/security/sa-2023-0001.xml +++ /dev/null @@ -1,50 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2023-0001</id> -<alternate-name>ZDI-CAN-20775</alternate-name> -<alternate-name>CVE-2023-37327</alternate-name> -<date>2023-06-20 18:00</date> -<summary>Integer overflow leading to heap overwrite in FLAC image tag handling</summary> -<affected-versions>GStreamer gst-plugins-good 1.x < 1.22.4, 1.x < 1.20.7, 0.10.x</affected-versions> - -<details>Heap-based buffer overflow in the FLAC parser when handling malformed image tags in GStreamer versions before 1.22.4 / 1.20.7.</details> -<impact>It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-plugins-good 1.22.4 / 1.20.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> - <reference> - <title>CVE Database Entries</title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37327">CVE-2023-37327</a> </content> - </reference> - <reference> - <title>GStreamer 1.22.4 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.22/#1.22.4">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-1.22.4.tar.xz">GStreamer Plugins Good 1.22.4</a> - </content> - </reference> - <reference> - <title>GStreamer 1.20.7 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.20/#1.20.7">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-1.20.7.tar.xz">GStreamer Plugins Good 1.20.7</a> - </content> - </reference> - <reference> - <title>Patches</title> - <content> - <a href="https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4894.patch">Patches</a></content> - </reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2023-0002.md b/src/htdocs/security/sa-2023-0002.md new file mode 100644 index 00000000..48048da1 --- /dev/null +++ b/src/htdocs/security/sa-2023-0002.md @@ -0,0 +1,48 @@ +# Security Advisory 2023-0002 (ZDI-CAN-20968, CVE-2023-37328) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Heap overwrite in subtitle parsing | +| Date | 2023-06-20 18:00 | +| Affected Versions | GStreamer gst-plugins-base 1.x < 1.22.4, 1.x < 1.20.7, 0.10.x | +| IDs | GStreamer-SA-2023-0002<br/>ZDI-CAN-20968<br/>CVE-2023-37328 | + +</div> + +## Details + +Heap-based buffer overflow in the subparse subtitle parser when handling certain SRT subtitle files in GStreamer versions before 1.22.4 / 1.20.7. + +## Impact + +It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation. + +## Solution + +The gst-plugins-base 1.22.4 / 1.20.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2023-37328](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37328) + +### GStreamer 1.22.4 release + +- [Release Notes](/releases/1.22/#1.22.4) +- [GStreamer Plugins Base 1.22.4](/src/gst-plugins-base/gst-plugins-base-1.22.4.tar.xz) + +### GStreamer 1.20.7 release + +- [Release Notes](/releases/1.20/#1.20.7) +- [GStreamer Plugins Base 1.20.7](/src/gst-plugins-base/gst-plugins-base-1.20.7.tar.xz) + +### Patches + +- [Patches](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4895.patch) diff --git a/src/htdocs/security/sa-2023-0002.xml b/src/htdocs/security/sa-2023-0002.xml deleted file mode 100644 index 6511e941..00000000 --- a/src/htdocs/security/sa-2023-0002.xml +++ /dev/null @@ -1,50 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2023-0002</id> -<alternate-name>ZDI-CAN-20968</alternate-name> -<alternate-name>CVE-2023-37328</alternate-name> -<date>2023-06-20 18:00</date> -<summary>Heap overwrite in subtitle parsing</summary> -<affected-versions>GStreamer gst-plugins-base 1.x < 1.22.4, 1.x < 1.20.7, 0.10.x</affected-versions> - -<details>Heap-based buffer overflow in the subparse subtitle parser when handling certain SRT subtitle files in GStreamer versions before 1.22.4 / 1.20.7.</details> -<impact>It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-plugins-base 1.22.4 / 1.20.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> - <reference> - <title>CVE Database Entries</title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37328">CVE-2023-37328</a> </content> - </reference> - <reference> - <title>GStreamer 1.22.4 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.22/#1.22.4">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-base-1.22.4.tar.xz">GStreamer Plugins Base 1.22.4</a> - </content> - </reference> - <reference> - <title>GStreamer 1.20.7 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.20/#1.20.7">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-base-1.20.7.tar.xz">GStreamer Plugins Base 1.20.7</a> - </content> - </reference> - <reference> - <title>Patches</title> - <content> - <a href="https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4895.patch">Patches</a></content> - </reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2023-0003.md b/src/htdocs/security/sa-2023-0003.md new file mode 100644 index 00000000..3c31cc58 --- /dev/null +++ b/src/htdocs/security/sa-2023-0003.md @@ -0,0 +1,48 @@ +# Security Advisory 2023-0003 (ZDI-CAN-20994, CVE-2023-37329) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Heap overwrite in PGS subtitle overlay decoder | +| Date | 2023-06-20 18:00 | +| Affected Versions | GStreamer gst-plugins-bad 1.x < 1.22.4, 1.x < 1.20.7, 0.10.x | +| IDs | GStreamer-SA-2023-0003<br/>ZDI-CAN-20994<br/>CVE-2023-37329 | + +</div> + +## Details + +Heap-based buffer overflow in the PGS blu-ray subtitle decoder when handling certain files in GStreamer versions before 1.22.4 / 1.20.7. + +## Impact + +It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation. + +## Solution + +The gst-plugins-bad 1.22.4 / 1.20.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2023-37329](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37329) + +### GStreamer 1.22.4 release + +- [Release Notes](/releases/1.22/#1.22.4) +- [GStreamer Plugins Bad 1.22.4](/src/gst-plugins-bad/gst-plugins-bad-1.22.4.tar.xz) + +### GStreamer 1.20.7 release + +- [Release Notes](/releases/1.20/#1.20.7) +- [GStreamer Plugins Bad 1.20.7](/src/gst-plugins-bad/gst-plugins-bad-1.20.7.tar.xz) + +### Patches + +- [Patches](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4896.patch) diff --git a/src/htdocs/security/sa-2023-0003.xml b/src/htdocs/security/sa-2023-0003.xml deleted file mode 100644 index c5743cde..00000000 --- a/src/htdocs/security/sa-2023-0003.xml +++ /dev/null @@ -1,51 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2023-0003</id> -<alternate-name>ZDI-CAN-20994</alternate-name> -<alternate-name>CVE-2023-37329</alternate-name> -<date>2023-06-20 18:00</date> -<summary>Heap overwrite in PGS subtitle overlay decoder</summary> -<affected-versions>GStreamer gst-plugins-bad 1.x < 1.22.4, 1.x < 1.20.7, 0.10.x</affected-versions> - -<details>Heap-based buffer overflow in the PGS blu-ray subtitle decoder when handling certain files in GStreamer versions before 1.22.4 / 1.20.7.</details> -<impact>It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-plugins-bad 1.22.4 / 1.20.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> - <reference> - <title>CVE Database Entries</title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37329">CVE-2023-37329</a> </content> - </reference> - <reference> - <title>GStreamer 1.22.4 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.22/#1.22.4">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.22.4.tar.xz">GStreamer Plugins Bad 1.22.4</a> - </content> - </reference> - <reference> - <title>GStreamer 1.20.7 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.20/#1.20.7">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.20.7.tar.xz">GStreamer Plugins Bad 1.20.7</a> - </content> - </reference> - - <reference> - <title>Patches</title> - <content> - <a href="https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4896.patch">Patches</a></content> - </reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2023-0004.md b/src/htdocs/security/sa-2023-0004.md new file mode 100644 index 00000000..2b853dd6 --- /dev/null +++ b/src/htdocs/security/sa-2023-0004.md @@ -0,0 +1,44 @@ +# Security Advisory 2023-0004 (ZDI-CAN-21443) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Integer overflow leading to heap overwrite in RealMedia file handling | +| Date | 2023-07-20 14:00 | +| Affected Versions | GStreamer gst-plugins-ugly 1.x < 1.22.5, 1.x < 1.20.7, 0.10.x | +| IDs | GStreamer-SA-2023-0004<br/>ZDI-CAN-21443 | + +</div> + +## Details + +Heap-based buffer overflow in the RealMedia file demuxer when handling malformed files in GStreamer versions before 1.22.5 / 1.20.7. + +## Impact + +It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation. + +## Solution + +The gst-plugins-ugly 1.22.5 / 1.20.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### GStreamer 1.22.5 release + +- [Release Notes](/releases/1.22/#1.22.5) +- [GStreamer Plugins Ugly 1.22.5](/src/gst-plugins-ugly/gst-plugins-ugly-1.22.5.tar.xz) + +### GStreamer 1.20.7 release + +- [Release Notes](/releases/1.20/#1.20.7) +- [GStreamer Plugins Ugly 1.20.7](/src/gst-plugins-ugly/gst-plugins-ugly-1.20.7.tar.xz) + +### Patches + +- [Patches](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5072.patch) diff --git a/src/htdocs/security/sa-2023-0004.xml b/src/htdocs/security/sa-2023-0004.xml deleted file mode 100644 index 9bbd1add..00000000 --- a/src/htdocs/security/sa-2023-0004.xml +++ /dev/null @@ -1,52 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2023-0004</id> -<alternate-name>ZDI-CAN-21443</alternate-name> -<!--<alternate-name>CVE-2023-FIXME</alternate-name>--> -<date>2023-07-20 14:00</date> -<summary>Integer overflow leading to heap overwrite in RealMedia file handling</summary> -<affected-versions>GStreamer gst-plugins-ugly 1.x < 1.22.5, 1.x < 1.20.7, 0.10.x</affected-versions> - -<details>Heap-based buffer overflow in the RealMedia file demuxer when handling malformed files in GStreamer versions before 1.22.5 / 1.20.7.</details> -<impact>It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-plugins-ugly 1.22.5 / 1.20.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> -<!-- - <reference> - <title>CVE Database Entries</title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-FIXME">CVE-2023-FIXME</a> </content> - </reference> ---> - <reference> - <title>GStreamer 1.22.5 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.22/#1.22.5">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-1.22.5.tar.xz">GStreamer Plugins Ugly 1.22.5</a> - </content> - </reference> - <reference> - <title>GStreamer 1.20.7 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.20/#1.20.7">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-1.20.7.tar.xz">GStreamer Plugins Ugly 1.20.7</a> - </content> - </reference> - <reference> - <title>Patches</title> - <content> - <a href="https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5072.patch">Patches</a></content> - </reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2023-0005.md b/src/htdocs/security/sa-2023-0005.md new file mode 100644 index 00000000..fa3ed706 --- /dev/null +++ b/src/htdocs/security/sa-2023-0005.md @@ -0,0 +1,44 @@ +# Security Advisory 2023-0005 (ZDI-CAN-21444) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Integer overflow leading to heap overwrite in RealMedia file handling | +| Date | 2023-07-20 14:00 | +| Affected Versions | GStreamer gst-plugins-ugly 1.x < 1.22.5, 1.x < 1.20.7, 0.10.x | +| IDs | GStreamer-SA-2023-0005<br/>ZDI-CAN-21444 | + +</div> + +## Details + +Heap-based buffer overflow in the RealMedia file demuxer when handling malformed files in GStreamer versions before 1.22.5 / 1.20.7. + +## Impact + +It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation. + +## Solution + +The gst-plugins-ugly 1.22.5 / 1.20.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### GStreamer 1.22.5 release + +- [Release Notes](/releases/1.22/#1.22.5) +- [GStreamer Plugins Ugly 1.22.5](/src/gst-plugins-ugly/gst-plugins-ugly-1.22.5.tar.xz) + +### GStreamer 1.20.7 release + +- [Release Notes](/releases/1.20/#1.20.7) +- [GStreamer Plugins Ugly 1.20.7](/src/gst-plugins-ugly/gst-plugins-ugly-1.20.7.tar.xz) + +### Patches + +- [Patches](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5072.patch) diff --git a/src/htdocs/security/sa-2023-0005.xml b/src/htdocs/security/sa-2023-0005.xml deleted file mode 100644 index 92f59341..00000000 --- a/src/htdocs/security/sa-2023-0005.xml +++ /dev/null @@ -1,55 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<!-- yes, this is pretty much identical to 2023-0004 and should have been - filed as a single issue really, but since there are two ZDI numbers - I guess we have to make it two advisories.. --> -<id>2023-0005</id> -<alternate-name>ZDI-CAN-21444</alternate-name> -<!--<alternate-name>CVE-2023-FIXME</alternate-name>--> -<date>2023-07-20 14:00</date> -<summary>Integer overflow leading to heap overwrite in RealMedia file handling</summary> -<affected-versions>GStreamer gst-plugins-ugly 1.x < 1.22.5, 1.x < 1.20.7, 0.10.x</affected-versions> - -<details>Heap-based buffer overflow in the RealMedia file demuxer when handling malformed files in GStreamer versions before 1.22.5 / 1.20.7.</details> -<impact>It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-plugins-ugly 1.22.5 / 1.20.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> -<!-- - <reference> - <title>CVE Database Entries</title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-FIXME">CVE-2023-FIXME</a> </content> - </reference> ---> - <reference> - <title>GStreamer 1.22.5 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.22/#1.22.5">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-1.22.5.tar.xz">GStreamer Plugins Ugly 1.22.5</a> - </content> - </reference> - <reference> - <title>GStreamer 1.20.7 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.20/#1.20.7">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-1.20.7.tar.xz">GStreamer Plugins Ugly 1.20.7</a> - </content> - </reference> - <reference> - <title>Patches</title> - <content> - <a href="https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5072.patch">Patches</a></content> - </reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2023-0006.md b/src/htdocs/security/sa-2023-0006.md new file mode 100644 index 00000000..97dc44ea --- /dev/null +++ b/src/htdocs/security/sa-2023-0006.md @@ -0,0 +1,43 @@ +# Security Advisory 2023-0006 (ZDI-CAN-21660, CVE-2023-40474) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Integer overflow leading to heap overwrite in MXF file handling with uncompressed video | +| Date | 2023-09-20 20:00 | +| Affected Versions | GStreamer gst-plugins-bad < 1.22.6 | +| IDs | GStreamer-SA-2023-0006<br/>ZDI-CAN-21660<br/>CVE-2023-40474 | + +</div> + +## Details + +Heap-based buffer overflow in the MXF file demuxer when handling malformed files with uncompressed video in GStreamer versions before 1.22.6 + +## Impact + +It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation. + +## Solution + +The gst-plugins-bad 1.22.6 releases address the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2023-40474](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40474) + +### GStreamer 1.22.6 release + +- [Release Notes](/releases/1.22/#1.22.6) +- [GStreamer Plugins Bad 1.22.6](/src/gst-plugins-bad/gst-plugins-bad-1.22.6.tar.xz) + +### Patches + +- [Patches](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362.patch) (includes patch for SA-2023-0007 / ZDI-CAN-21661 / CVE-2023-40475) diff --git a/src/htdocs/security/sa-2023-0006.xml b/src/htdocs/security/sa-2023-0006.xml deleted file mode 100644 index c3502877..00000000 --- a/src/htdocs/security/sa-2023-0006.xml +++ /dev/null @@ -1,46 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2023-0006</id> -<alternate-name>ZDI-CAN-21660</alternate-name> -<alternate-name>CVE-2023-40474</alternate-name> -<date>2023-09-20 20:00</date> -<summary>Integer overflow leading to heap overwrite in MXF file handling with uncompressed video</summary> -<affected-versions>GStreamer gst-plugins-bad < 1.22.6</affected-versions> - -<details>Heap-based buffer overflow in the MXF file demuxer when handling malformed files with uncompressed video in GStreamer versions before 1.22.6</details> -<impact>It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-plugins-bad 1.22.6 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> - - <reference> - <title>CVE Database Entries</title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40474">CVE-2023-40474</a> </content> - </reference> - - <reference> - <title>GStreamer 1.22.6 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.22/#1.22.6">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.22.6.tar.xz">GStreamer Plugins Bad 1.22.6</a> - </content> - </reference> - <reference> - <title>Patches</title> - <content> - <a href="https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362.patch">Patches</a> (includes patch for SA-2023-0007 / ZDI-CAN-21661 / CVE-2023-40475) - </content> - </reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2023-0007.md b/src/htdocs/security/sa-2023-0007.md new file mode 100644 index 00000000..ec85278d --- /dev/null +++ b/src/htdocs/security/sa-2023-0007.md @@ -0,0 +1,43 @@ +# Security Advisory 2023-0007 (ZDI-CAN-21661, CVE-2023-40475) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Integer overflow leading to heap overwrite in MXF file handling with AES3 audio | +| Date | 2023-09-20 20:00 | +| Affected Versions | GStreamer gst-plugins-bad < 1.22.6 | +| IDs | GStreamer-SA-2023-0007<br/>ZDI-CAN-21661<br/>CVE-2023-40475 | + +</div> + +## Details + +Heap-based buffer overflow in the MXF file demuxer when handling malformed files with AES3 audio in GStreamer versions before 1.22.6 + +## Impact + +It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation. + +## Solution + +The gst-plugins-bad 1.22.6 releases address the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2023-40475](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40475) + +### GStreamer 1.22.6 release + +- [Release Notes](/releases/1.22/#1.22.6) +- [GStreamer Plugins Bad 1.22.6](/src/gst-plugins-bad/gst-plugins-bad-1.22.6.tar.xz) + +### Patches + +- [Patches](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362.patch) (includes patch for SA-2023-0006 / ZDI-CAN-21660 / CVE-2023-40474) diff --git a/src/htdocs/security/sa-2023-0007.xml b/src/htdocs/security/sa-2023-0007.xml deleted file mode 100644 index 8b81c868..00000000 --- a/src/htdocs/security/sa-2023-0007.xml +++ /dev/null @@ -1,46 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2023-0007</id> -<alternate-name>ZDI-CAN-21661</alternate-name> -<alternate-name>CVE-2023-40475</alternate-name> -<date>2023-09-20 20:00</date> -<summary>Integer overflow leading to heap overwrite in MXF file handling with AES3 audio</summary> -<affected-versions>GStreamer gst-plugins-bad < 1.22.6</affected-versions> - -<details>Heap-based buffer overflow in the MXF file demuxer when handling malformed files with AES3 audio in GStreamer versions before 1.22.6</details> -<impact>It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-plugins-bad 1.22.6 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> - - <reference> - <title>CVE Database Entries</title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40475">CVE-2023-40475</a> </content> - </reference> - - <reference> - <title>GStreamer 1.22.6 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.22/#1.22.6">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.22.6.tar.xz">GStreamer Plugins Bad 1.22.6</a> - </content> - </reference> - <reference> - <title>Patches</title> - <content> - <a href="https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362.patch">Patches</a> (includes patch for SA-2023-0006 / ZDI-CAN-21660 / CVE-2023-40474) - </content> - </reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2023-0008.md b/src/htdocs/security/sa-2023-0008.md new file mode 100644 index 00000000..d4cddc48 --- /dev/null +++ b/src/htdocs/security/sa-2023-0008.md @@ -0,0 +1,43 @@ +# Security Advisory 2023-0008 (ZDI-CAN-21768, CVE-2023-40476) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | Integer overflow in H.265 video parser leading to stack overwrite | +| Date | 2023-09-20 20:00 | +| Affected Versions | GStreamer gst-plugins-bad < 1.22.6 | +| IDs | GStreamer-SA-2023-0008<br/>ZDI-CAN-21768<br/>CVE-2023-40476 | + +</div> + +## Details + +Stack-based buffer overflow in the H.265 video parser when handling malformed H.265 video streams in GStreamer versions before 1.22.6 + +## Impact + +It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through stack manipulation. + +## Solution + +The gst-plugins-bad 1.22.6 releases address the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2023-40476](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40476) + +### GStreamer 1.22.6 release + +- [Release Notes](/releases/1.22/#1.22.6) +- [GStreamer Plugins Bad 1.22.6](/src/gst-plugins-bad/gst-plugins-bad-1.22.6.tar.xz) + +### Patches + +- [Patches](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5364.patch) diff --git a/src/htdocs/security/sa-2023-0008.xml b/src/htdocs/security/sa-2023-0008.xml deleted file mode 100644 index a29b38d4..00000000 --- a/src/htdocs/security/sa-2023-0008.xml +++ /dev/null @@ -1,46 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2023-0008</id> -<alternate-name>ZDI-CAN-21768</alternate-name> -<alternate-name>CVE-2023-40476</alternate-name> -<date>2023-09-20 20:00</date> -<summary>Integer overflow in H.265 video parser leading to stack overwrite</summary> -<affected-versions>GStreamer gst-plugins-bad < 1.22.6</affected-versions> - -<details>Stack-based buffer overflow in the H.265 video parser when handling malformed H.265 video streams in GStreamer versions before 1.22.6</details> -<impact>It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through stack manipulation.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-plugins-bad 1.22.6 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> - - <reference> - <title>CVE Database Entries</title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40476">CVE-2023-40476</a> </content> - </reference> - - <reference> - <title>GStreamer 1.22.6 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.22/#1.22.6">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.22.6.tar.xz">GStreamer Plugins Bad 1.22.6</a> - </content> - </reference> - <reference> - <title>Patches</title> - <content> - <a href="https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5364.patch">Patches</a> - </content> - </reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2023-0009.md b/src/htdocs/security/sa-2023-0009.md new file mode 100644 index 00000000..6f65f234 --- /dev/null +++ b/src/htdocs/security/sa-2023-0009.md @@ -0,0 +1,43 @@ +# Security Advisory 2023-0009 (ZDI-CAN-22226, CVE-2023-44429) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | AV1 codec parser buffer overflow | +| Date | 2023-11-13 12:00 | +| Affected Versions | GStreamer gst-plugins-bad < 1.22.7 | +| IDs | GStreamer-SA-2023-0009<br/>ZDI-CAN-22226<br/>CVE-2023-44429 | + +</div> + +## Details + +Heap-based buffer overflow in the AV1 codec parser when handling certain malformed streams before GStreamer 1.22.7 + +## Impact + +It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation. + +## Solution + +The gst-plugins-bad 1.22.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2023-44429](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44429) + +### GStreamer 1.22.7 release + +- [Release Notes](/releases/1.22/#1.22.7) +- [GStreamer Plugins Bad 1.22.7](/src/gst-plugins-bad/gst-plugins-bad-1.22.7.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5634.patch) diff --git a/src/htdocs/security/sa-2023-0009.xml b/src/htdocs/security/sa-2023-0009.xml deleted file mode 100644 index b41ee723..00000000 --- a/src/htdocs/security/sa-2023-0009.xml +++ /dev/null @@ -1,46 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2023-0009</id> -<alternate-name>ZDI-CAN-22226</alternate-name> -<alternate-name>CVE-2023-44429</alternate-name> -<date>2023-11-13 12:00</date> -<summary>AV1 codec parser buffer overflow</summary> -<affected-versions>GStreamer gst-plugins-bad < 1.22.7</affected-versions> - -<details>Heap-based buffer overflow in the AV1 codec parser when handling certain malformed streams before GStreamer 1.22.7</details> -<impact>It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-plugins-bad 1.22.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> - - <reference> - <title>CVE Database Entries</title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44429">CVE-2023-44429</a> </content> - </reference> - - <reference> - <title>GStreamer 1.22.7 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.22/#1.22.7">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.22.7.tar.xz">GStreamer Plugins Bad 1.22.7</a> - </content> - </reference> - <reference> - <title>Patches</title> - <content> - <a href="https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5634.patch">Patch</a> - </content> - </reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2023-0010.md b/src/htdocs/security/sa-2023-0010.md new file mode 100644 index 00000000..efb8956b --- /dev/null +++ b/src/htdocs/security/sa-2023-0010.md @@ -0,0 +1,43 @@ +# Security Advisory 2023-0010 (ZDI-CAN-22299, CVE-2023-44446) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | MXF demuxer use-after-free | +| Date | 2023-11-13 12:00 | +| Affected Versions | GStreamer gst-plugins-bad < 1.22.7 | +| IDs | GStreamer-SA-2023-0010<br/>ZDI-CAN-22299<br/>CVE-2023-44446 | + +</div> + +## Details + +Use-after-free (read) in the MXF demuxer when handling certain files before GStreamer 1.22.7 + +## Impact + +It is possible for a malicious third party to trigger a crash in the application. + +## Solution + +The gst-plugins-bad 1.22.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2023-44446](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44446) + +### GStreamer 1.22.7 release + +- [Release Notes](/releases/1.22/#1.22.7) +- [GStreamer Plugins Bad 1.22.7](/src/gst-plugins-bad/gst-plugins-bad-1.22.7.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5635.patch) diff --git a/src/htdocs/security/sa-2023-0010.xml b/src/htdocs/security/sa-2023-0010.xml deleted file mode 100644 index 12289a46..00000000 --- a/src/htdocs/security/sa-2023-0010.xml +++ /dev/null @@ -1,44 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2023-0010</id> -<alternate-name>ZDI-CAN-22299</alternate-name> -<alternate-name>CVE-2023-44446</alternate-name> -<date>2023-11-13 12:00</date> -<summary>MXF demuxer use-after-free</summary> -<affected-versions>GStreamer gst-plugins-bad < 1.22.7</affected-versions> - -<details>Use-after-free (read) in the MXF demuxer when handling certain files before GStreamer 1.22.7</details> -<impact>It is possible for a malicious third party to trigger a crash in the application.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-plugins-bad 1.22.7 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> - <reference> - <title>CVE Database Entries</title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44446">CVE-2023-44446</a> </content> - </reference> - <reference> - <title>GStreamer 1.22.7 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.22/#1.22.7">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.22.7.tar.xz">GStreamer Plugins Bad 1.22.7</a> - </content> - </reference> - <reference> - <title>Patches</title> - <content> - <a href="https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5635.patch">Patch</a> - </content> - </reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2023-0011.md b/src/htdocs/security/sa-2023-0011.md new file mode 100644 index 00000000..08dca570 --- /dev/null +++ b/src/htdocs/security/sa-2023-0011.md @@ -0,0 +1,38 @@ +# Security Advisory 2023-0011 (ZDI-CAN-22300) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | AV1 codec parser buffer overflow | +| Date | 2023-12-18 14:00 | +| Affected Versions | GStreamer gst-plugins-bad < 1.22.8 | +| IDs | GStreamer-SA-2023-0011<br/>ZDI-CAN-22300 | + +</div> + +## Details + +Heap-based buffer overflow in the AV1 codec parser when handling certain malformed streams before GStreamer 1.22.8 + +## Impact + +It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation. + +## Solution + +The gst-plugins-bad 1.22.8 releases address the issue. People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### GStreamer 1.22.8 release + +- [Release Notes](/releases/1.22/#1.22.8) +- [GStreamer Plugins Bad 1.22.8](/src/gst-plugins-bad/gst-plugins-bad-1.22.8.tar.xz) + +### Patches +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5823.patch) diff --git a/src/htdocs/security/sa-2023-0011.xml b/src/htdocs/security/sa-2023-0011.xml deleted file mode 100644 index 35902410..00000000 --- a/src/htdocs/security/sa-2023-0011.xml +++ /dev/null @@ -1,47 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2023-0011</id> -<alternate-name>ZDI-CAN-22300</alternate-name> -<!-- <alternate-name>tbd</alternate-name> --> -<date>2023-12-18 14:00</date> -<summary>AV1 codec parser buffer overflow</summary> -<affected-versions>GStreamer gst-plugins-bad < 1.22.8</affected-versions> - -<details>Heap-based buffer overflow in the AV1 codec parser when handling certain malformed streams before GStreamer 1.22.8</details> -<impact>It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-plugins-bad 1.22.8 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> - -<!-- - <reference> - <title>CVE Database Entries</title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44429">CVE-2023-44429</a> </content> - </reference> ---> - <reference> - <title>GStreamer 1.22.8 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.22/#1.22.8">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.22.8.tar.xz">GStreamer Plugins Bad 1.22.8</a> - </content> - </reference> - <reference> - <title>Patches</title> - <content> - <a href="https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5823.patch">Patch</a> - </content> - </reference> -</references> -</advisory> diff --git a/src/htdocs/security/sa-2024-0001.md b/src/htdocs/security/sa-2024-0001.md new file mode 100644 index 00000000..b376f606 --- /dev/null +++ b/src/htdocs/security/sa-2024-0001.md @@ -0,0 +1,45 @@ +# Security Advisory 2024-0001 (ZDI-CAN-22873, CVE-2024-0444) + +<div class="vertical-table"> + +| | | +| ----------------- | --- | +| Summary | AV1 codec parser potential buffer overflow during tile list parsing | +| Date | 2024-01-24 20:00 | +| Affected Versions | GStreamer gst-plugins-bad < 1.22.9 | +| IDs | GStreamer-SA-2024-0001<br/>ZDI-CAN-22873<br/>CVE-2024-0444 | + +</div> + +## Details + +Heap-based buffer overflow in the AV1 codec parser when handling certain malformed streams before GStreamer 1.22.9. + +## Impact + +It is possible for a malicious third party to trigger a crash in the application, +and possibly also effect code execution through heap manipulation. + +## Solution + +The gst-plugins-bad 1.22.9 releases address the issue. +People using older branches of GStreamer should apply the patch and recompile. + +## References + +### The GStreamer project + +- [https://gstreamer.freedesktop.org](https://gstreamer.freedesktop.org) + +### CVE Database Entries + +- [CVE-2024-0444](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0444) + +### GStreamer 1.22.9 release + +- [Release notes](/releases/1.22/#1.22.9) +- [GStreamer Plugins Bad 1.22.9](/src/gst-plugins-bad/gst-plugins-bad-1.22.9.tar.xz) + +### Patches + +- [Patch](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5970.patch) diff --git a/src/htdocs/security/sa-2024-0001.xml b/src/htdocs/security/sa-2024-0001.xml deleted file mode 100644 index 1793b97c..00000000 --- a/src/htdocs/security/sa-2024-0001.xml +++ /dev/null @@ -1,46 +0,0 @@ -<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> -<!DOCTYPE xsl:stylesheet -[ - <!ENTITY % site-entities SYSTEM "../entities.site"> - %site-entities; -]> -<advisory> -<id>2024-0001</id> -<alternate-name>ZDI-CAN-22873</alternate-name> -<alternate-name>CVE-2024-0444</alternate-name> -<date>2024-01-24 20:00</date> -<summary>AV1 codec parser potential buffer overflow during tile list parsing</summary> -<affected-versions>GStreamer gst-plugins-bad < 1.22.9</affected-versions> - -<details>Heap-based buffer overflow in the AV1 codec parser when handling certain malformed streams before GStreamer 1.22.9</details> -<impact>It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.</impact> -<mitigation></mitigation> -<workarounds></workarounds> -<solution></solution> -<solution>The gst-plugins-bad 1.22.9 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> -<references> - <reference> - <title>The GStreamer project</title> - <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> - </reference> - - <reference> - <title>CVE Database Entries</title> - <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0444">CVE-2024-0444</a> </content> - </reference> - - <reference> - <title>GStreamer 1.22.9 release</title> - <content> - <a href="https://gstreamer.freedesktop.org/releases/1.22/#1.22.9">Release Notes</a> - <a href="https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.22.9.tar.xz">GStreamer Plugins Bad 1.22.9</a> - </content> - </reference> - <reference> - <title>Patches</title> - <content> - <a href="https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5970.patch">Patch</a> - </content> - </reference> -</references> -</advisory> diff --git a/src/htdocs/security/security.md b/src/htdocs/security/security.md new file mode 100644 index 00000000..b77718aa --- /dev/null +++ b/src/htdocs/security/security.md @@ -0,0 +1,39 @@ +# Security Center +## Security Contacts + +Security notifications or problems should be reported in [GitLab](https://gitlab.freedesktop.org/gstreamer) by +[<u>filing an issue</u>](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/new?issue[confidential]=true) +and marking it as *confidential* before submitting it (if you follow the link on the left the confidential checkbox should already be ticked). + +If you have patches, please attach them to the confidential issue and not via a merge requests, as merge requests are always public immediately. + +The GStreamer project encourages [responsible disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure) of security issues. + +## Security Advisories + +| ID | Summary | Date | | +| --- | ------- | :----: | --- | +| **GStreamer-SA-2024-0001**<br/>ZDI-CAN-22873<br/>CVE-2024-0444 | AV1 codec parser potential buffer overflow during tile list parsing | 2024-01-24 20:00 | [Details](sa-2024-0001.html) | +| **GStreamer-SA-2023-0011**<br/>ZDI-CAN-22300 | AV1 codec parser buffer overflow | 2023-12-18 14:00 | [Details](sa-2023-0011.html) | +| **GStreamer-SA-2023-0010**<br/>ZDI-CAN-22299<br/>CVE-2023-44446 | MXF demuxer use-after-free | 2023-11-13 12:00 | [Details](sa-2023-0010.html) | +| **GStreamer-SA-2023-0009**<br/>ZDI-CAN-22226<br/>CVE-2023-44429 | AV1 codec parser buffer overflow | 2023-11-13 12:00 | [Details](sa-2023-0009.html) | +| **GStreamer-SA-2023-0008**<br/>ZDI-CAN-21768<br/>CVE-2023-40476 | Integer overflow in H.265 video parser leading to stack overwrite | 2023-09-20 20:00 | [Details](sa-2023-0008.html) | +| **GStreamer-SA-2023-0007**<br/>ZDI-CAN-21661<br/>CVE-2023-40475 | Integer overflow leading to heap overwrite in MXF file handling with AES3 audio | 2023-09-20 20:00 | [Details](sa-2023-0007.html) | +| **GStreamer-SA-2023-0006**<br/>ZDI-CAN-21660<br/>CVE-2023-40474 | Integer overflow leading to heap overwrite in MXF file handling with uncompressed video | 2023-09-20 20:00 | [Details](sa-2023-0006.html) | +| **GStreamer-SA-2023-0005**<br/>ZDI-CAN-21444 | Integer overflow leading to heap overwrite in RealMedia file handling | 2023-07-20 14:00 | [Details](sa-2023-0005.html) | +| **GStreamer-SA-2023-0004**<br/>ZDI-CAN-21443 | Integer overflow leading to heap overwrite in RealMedia file handling | 2023-07-20 14:00 | [Details](sa-2023-0004.html) | +| **GStreamer-SA-2023-0003**<br/>ZDI-CAN-20994<br/>CVE-2023-37329 | Heap overwrite in PGS subtitle overlay decoder | 2023-06-20 18:00 | [Details](sa-2023-0003.html) | +| **GStreamer-SA-2023-0002**<br/>ZDI-CAN-20968<br/>CVE-2023-37328 | Heap overwrite in subtitle parsing | 2023-06-20 18:00 | [Details](sa-2023-0002.html) | +| **GStreamer-SA-2023-0001**<br/>ZDI-CAN-20775<br/>CVE-2023-37327 | Integer overflow leading to heap overwrite in FLAC image tag handling | 2023-06-20 18:00 | [Details](sa-2023-0001.html) | +| **GStreamer-SA-2022-0004**<br/>CVE-2022-1920 | Potential heap overwrite in gst\_matroska\_demux\_add\_wvpk\_header | 2022-06-15 23:00 | [Details](sa-2022-0004.html) | +| **GStreamer-SA-2022-0003**<br/>CVE-2022-2122 | Potential heap overwrite in mp4 demuxing using zlib decompression | 2022-06-15 23:00 | [Details](sa-2022-0003.html) | +| **GStreamer-SA-2022-0002**<br/>CVE-2022-1922<br/>CVE-2022-1923<br/>CVE-2022-1924<br/>CVE-2022-1925 | Potential heap overwrite in mkv demuxing using zlib/bz2/lzo decompression | 2022-06-15 23:00 | [Details](sa-2022-0002.html) | +| **GStreamer-SA-2022-0001**<br/>CVE-2022-1921 | Heap overwrite in avi demuxing | 2022-06-15 23:00 | [Details](sa-2022-0001.html) | +| **GStreamer-SA-2021-0005** | Stack overflow in gst\_ffmpeg\_channel\_layout\_to\_gst() | 2021-03-15 16:00 | [Details](sa-2021-0005.html) | +| **GStreamer-SA-2021-0004** | Out-of-bounds read in realmedia demuxing | 2021-03-15 16:00 | [Details](sa-2021-0004.html) | +| **GStreamer-SA-2021-0003**<br/>CVE-2021-3498 | Heap corruption in matroska demuxing | 2021-03-15 16:00 | [Details](sa-2021-0003.html) | +| **GStreamer-SA-2021-0002**<br/>CVE-2021-3497 | Use-after-free in matroska demuxing | 2021-03-15 16:00 | [Details](sa-2021-0002.html) | +| **GStreamer-SA-2021-0001**<br/>CVE-2021-3522 | Out-of-bounds read in ID3v2 tag parsing | 2021-03-15 16:00 | [Details](sa-2021-0001.html) | +| **GStreamer-SA-2019-0001**<br/>CVE-2019-9928 | Buffer overflow in RTSP parsing | 2019-04-22 00:30 | [Details](sa-2019-0001.html) | +| **GStreamer-SA-2016-0002**<br/>CVE-2016-9634<br/>CVE-2016-9635<br/>CVE-2016-9636<br/>CVE-2016-9807 | Multiple Issues in FLC/FLI/FLX Decoder | 2016-11-23 03:00 | [Details](sa-2016-0002.html) | +| **GStreamer-SA-2016-0001**<br/>CVE-2016-9445<br/>CVE-2016-9446 | Multiple Issues in VMNC decoder | 2016-11-17 16:00 | [Details](sa-2016-0001.html) | |