Bug 927559 - (CVE-2015-0797) VUL-0: CVE-2015-0797: gstreamer-0_10-plugins-bad,gstreamer-plugins-bad: a buffer overflow in the GStreamer plugin for MP4 playback could lead to the execution of arbitrary code
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P1 - Urgent; Severity: Major
Assigned To: Security Team bot
https://smash.suse.de/issue/115942/
maint:released:sle11-sp3:61627
Reported: 2015-04-17 08:34 UTC by Andreas Stieger
Modified: 2015-05-26 12:06 UTC (History)
Found By: Security Response Team
Attachments
patch extracted from debian package (1.02 KB, patch)
2015-04-17 08:34 UTC, Andreas Stieger

Description Andreas Stieger 2015-04-17 08:34:22 UTC
Created attachment 631408 [details]
patch extracted from debian package

This was released as a debian security update:

Debian Security Advisory
DSA-3225-1 gst-plugins-bad0.10 -- security update

Date Reported:    15 Apr 2015
Affected Packages:    gst-plugins-bad0.10 
Vulnerable:    Yes
Security database references:
    In Mitre's CVE dictionary: CVE-2015-0797.
More information:
    Aki Helin discovered a buffer overflow in the GStreamer plugin for MP4 playback, which could lead to the execution of arbitrary code.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0797
http://www.debian.org/security/2015/dsa-3225
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0797.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797


Patch extracted from Debian package.
Comment 6 Swamp Workflow Management 2015-04-17 12:39:54 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-04-24.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61564
Comment 8 Bernhard Wiedemann 2015-04-24 08:00:23 UTC
This is an autogenerated message for OBS integration:
This bug (927559) was mentioned in
https://build.opensuse.org/request/show/303530 Factory / gstreamer-0_10-plugins-bad
Comment 10 Swamp Workflow Management 2015-05-20 17:05:02 UTC
SUSE-SU-2015:0921-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 927559
CVE References: CVE-2015-0797
Sources used:
SUSE Linux Enterprise Desktop 11 SP3 (src):    gstreamer-0_10-plugins-bad-0.10.22-7.11.1
Comment 11 Sebastian Krahmer 2015-05-26 11:48:24 UTC
released
Comment 12 Swamp Workflow Management 2015-05-26 12:06:41 UTC
SUSE-SU-2015:0942-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 927559
CVE References: CVE-2015-0797
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    gstreamer-0_10-plugins-bad-0.10.23-17.1
SUSE Linux Enterprise Software Development Kit 12 (src):    gstreamer-0_10-plugins-bad-0.10.23-17.1
SUSE Linux Enterprise Desktop 12 (src):    gstreamer-0_10-plugins-bad-0.10.23-17.1