Bug 1015941 - (CVE-2016-9957) VUL-0: CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961: libgme: Arbitrary code execution via malformed SPC music file
(CVE-2016-9957)
VUL-0: CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
CVSSv2:SUSE:CVE-2016-9959:5.1:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-12-16 08:59 UTC by Mikhail Kasimov
Modified: 2017-06-15 20:08 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
Proposed patch by the researcher (1.47 KB, patch)
2016-12-16 09:21 UTC, Johannes Segitz
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Mikhail Kasimov 2016-12-16 08:59:36 UTC
References:[1] http://seclists.org/oss-sec/2016/q4/682
=========================================================

[1]: Hi

As reported by Chris Evans via

http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html

Incorrect emulation of the SPC700 audio co-processor of the Super
Nintendo Entertainment System allows the execution of arbitrary code
if a malformed SPC music file is opened.

Debian released a DSA for this issue (in the qemu-music-emu source
package):

https://lists.debian.org/debian-security-announce/2016/msg00318.html

Could you please assign a CVE for this issue.

Regards,
Salvatore
=========================================================

[2] Vuln Description with Patch: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html

Assigned CVEs:

[3] http://seclists.org/oss-sec/2016/q4/692

CVE-2016-9958
CVE-2016-9959
CVE-2016-9960
CVE-2016-9961
Comment 1 Johannes Segitz 2016-12-16 09:21:45 UTC
Created attachment 706714 [details]
Proposed patch by the researcher
Comment 3 Swamp Workflow Management 2016-12-16 23:00:29 UTC
bugbot adjusting priority
Comment 4 Swamp Workflow Management 2016-12-22 19:07:33 UTC
SUSE-SU-2016:3250-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1015941
CVE References: CVE-2016-9957,CVE-2016-9958,CVE-2016-9959,CVE-2016-9960,CVE-2016-9961
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libgme-0.6.0-5.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libgme-0.6.0-5.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    libgme-0.6.0-5.1
SUSE Linux Enterprise Server 12-SP2 (src):    libgme-0.6.0-5.1
SUSE Linux Enterprise Server 12-SP1 (src):    libgme-0.6.0-5.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    libgme-0.6.0-5.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libgme-0.6.0-5.1
Comment 5 Swamp Workflow Management 2017-01-04 17:07:44 UTC
openSUSE-SU-2017:0022-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1015941
CVE References: CVE-2016-9957,CVE-2016-9958,CVE-2016-9959,CVE-2016-9960,CVE-2016-9961
Sources used:
openSUSE Leap 42.2 (src):    libgme-0.6.0-8.1
openSUSE Leap 42.1 (src):    libgme-0.6.0-7.1
Comment 6 Marcus Meissner 2017-06-15 20:08:01 UTC
released