Bug 1015941 (CVE-2016-9957)

Summary: VUL-0: CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961: libgme: Arbitrary code execution via malformed SPC music file
Product: [Novell Products] SUSE Security Incidents
Reporter: Mikhail Kasimov <mikhail.kasimov>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: jsegitz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
CVSSv2:SUSE:CVE-2016-9959:5.1:(AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSSv2:SUSE:CVE-2016-9960:2.6:(AV:N/AC:H/Au:N/C:N/I:N/A:P)
CVSSv2:SUSE:CVE-2016-9957:5.1:(AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSSv2:SUSE:CVE-2016-9961:5.1:(AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSSv2:SUSE:CVE-2016-9958:5.1:(AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSSv2:NVD:CVE-2016-9957:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSSv2:NVD:CVE-2016-9958:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSSv2:NVD:CVE-2016-9959:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSSv3:NVD:CVE-2016-9958:7.8:(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSSv3:NVD:CVE-2016-9957:7.8:(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSSv3:NVD:CVE-2016-9959:7.8:(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Attachments: Proposed patch by the researcher

Description Mikhail Kasimov 2016-12-16 08:59:36 UTC
References: [1] http://seclists.org/oss-sec/2016/q4/682
=========================================================

[1]: Hi

As reported by Chris Evans via

http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html

Incorrect emulation of the SPC700 audio co-processor of the Super
Nintendo Entertainment System allows the execution of arbitrary code
if a malformed SPC music file is opened.

Debian released a DSA for this issue (in the qemu-music-emu source
package):

https://lists.debian.org/debian-security-announce/2016/msg00318.html

Could you please assign a CVE for this issue.

Regards,
Salvatore
=========================================================

[2] Vuln Description with Patch: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html

Assigned CVEs:

[3] http://seclists.org/oss-sec/2016/q4/692

CVE-2016-9958
CVE-2016-9959
CVE-2016-9960
CVE-2016-9961

Comment 1 Johannes Segitz 2016-12-16 09:21:45 UTC
Created attachment 706714
Proposed patch by the researcher

Comment 3 Swamp Workflow Management 2016-12-16 23:00:29 UTC
bugbot adjusting priority

Comment 4 Swamp Workflow Management 2016-12-22 19:07:33 UTC
SUSE-SU-2016:3250-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1015941
CVE References: CVE-2016-9957,CVE-2016-9958,CVE-2016-9959,CVE-2016-9960,CVE-2016-9961
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libgme-0.6.0-5.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libgme-0.6.0-5.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    libgme-0.6.0-5.1
SUSE Linux Enterprise Server 12-SP2 (src):    libgme-0.6.0-5.1
SUSE Linux Enterprise Server 12-SP1 (src):    libgme-0.6.0-5.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    libgme-0.6.0-5.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libgme-0.6.0-5.1

Comment 5 Swamp Workflow Management 2017-01-04 17:07:44 UTC
openSUSE-SU-2017:0022-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1015941
CVE References: CVE-2016-9957,CVE-2016-9958,CVE-2016-9959,CVE-2016-9960,CVE-2016-9961
Sources used:
openSUSE Leap 42.2 (src):    libgme-0.6.0-8.1
openSUSE Leap 42.1 (src):    libgme-0.6.0-7.1

Comment 6 Marcus Meissner 2017-06-15 20:08:01 UTC
released