The following issues have been resolved in NixOS in release-16.09 and
unstable. They remain potentially vulnerable on older major
releases.
These patches will be released to the unstable and
release-16.09 channels when Hydra finishes building the "tested" job
for each channel:
- https://hydra.nixos.org/job/nixos/release-16.09/tested
- https://hydra.nixos.org/job/nixos/trunk-combined/tested
Please consider helping with the next security roundup by commenting on
https://github.com/NixOS/nixpkgs/issues/22549.
The following changes were applied to release-16.09:
f6169b1 linux: 4.9.8 -> 4.9.9
> All kernel patches are considered security-sensitive.
382a97b linux: 4.4.47 -> 4.4.48
> All kernel patches are considered security-sensitive.
ddfc6a6 linux: 3.18.47 -> 3.18.48
> All kernel patches are considered security-sensitive.
e1e3ef7 graphicsmagick: patch for CVE-2016-9830
8e86250 bind: 9.10.4-P5 -> 9.10.4-P6 for CVE-2017-3135
> See https://kb.isc.org/article/AA-01453
fc30b42 rtmpdump: 2015-01-15 -> 2015-12-30
> Numerous issues:
>
> - https://lwn.net/Vulnerabilities/713784/
> - https://lwn.net/Vulnerabilities/670061/
723a563 ntfs3g: patch for CVE-2017-0358
> From the Debian advisory:
>
> Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write
> NTFS driver for FUSE, does not scrub the environment before executing
> modprobe with elevated privileges. A local user can take advantage of
> this flaw for local root privilege escalation.
4562b1b spice: Patch for CVE-2016-9577, CVE-2016-9578
> spice: Patch for CVE-2016-9577, CVE-2016-9578
>
> From the Red Hat advisory:
>
> * A vulnerability was discovered in spice in the server's protocol
> handling. An authenticated attacker could send crafted messages to
> the spice server causing a heap overflow leading to a crash or
> possible code execution. (CVE-2016-9577)
>
> * A vulnerability was discovered in spice in the server's protocol
> handling. An attacker able to connect to the spice server could send
> crafted messages which would cause the process to crash.
> (CVE-2016-9578)
1873f69 wavpack: 4.80.0 -> 5.1.0
> From the Fedora advisory:
>
> CVE-2016-10172 wavpack: Heap out of bounds read in
> read_new_config_info / open_utils.c
> https://bugzilla.redhat.com/show_bug.cgi?id=1417853
>
> CVE-2016-10171 wavpack: Heap out of bounds read in unreorder_channels
> / wvunpack.c
> https://bugzilla.redhat.com/show_bug.cgi?id=1417852
>
> CVE-2016-10170 wavpack: Heap out of bounds read in WriteCaffHeader /
> caff.c
> https://bugzilla.redhat.com/show_bug.cgi?id=1417851
>
> CVE-2016-10169 wavpack: Global buffer overread in read_code /
> read_words.c
> https://bugzilla.redhat.com/show_bug.cgi?id=1417850
504d394 gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs
> gst-plugins-bad:
> From the Arch Linux advisory:
> - CVE-2017-5843 (arbitrary code execution): A double-free issue has
> been found in gstreamer before 1.10.3, in
> gst_mxf_demux_update_essence_tracks.
>
> - CVE-2017-5848 (denial of service): An out-of-bounds read has been
> found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm.
> More: https://lwn.net/Vulnerabilities/713772/
>
> gst-plugins-base:
> From the Arch Linux advisory:
>
> - CVE-2017-5837 (denial of service): A floating point exception issue
> has been found in gstreamer before 1.10.3, in
> gst_riff_create_audio_caps.
>
> - CVE-2017-5839 (denial of service): An endless recursion issue
> leading to stack overflow has been found in gstreamer before 1.10.3,
> in gst_riff_create_audio_caps.
>
> - CVE-2017-5842 (arbitrary code execution): An off-by-one write has
> been found in gstreamer before 1.10.3, in
> html_context_handle_element.
>
> - CVE-2017-5844 (denial of service): A floating point exception issue
> has been found in gstreamer before 1.10.3, in
> gst_riff_create_audio_caps.
> More: https://lwn.net/Vulnerabilities/713773/
>
> gst-plugins-good:
> From the Arch Linux advisory:
>
> - CVE-2016-10198 (denial of service): An invalid memory read flaw has
> been found in gstreamer before 1.10.3, in
> gst_aac_parse_sink_setcaps.
>
> - CVE-2016-10199 (denial of service): An out of bounds read has been
> found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full.
>
> - CVE-2017-5840 (denial of service): An out-of-bounds read has been
> found in gstreamer before 1.10.3, in qtdemux_parse_samples.
>
> - CVE-2017-5841 (denial of service): An out-of-bounds read has been
> found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
>
> - CVE-2017-5845 (denial of service): An out-of-bounds read has been
> found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
> More: https://lwn.net/Vulnerabilities/713774/
>
> gst-plugins-ugly:
> From the Arch Linux advisory:
>
> - CVE-2017-5846 (denial of service): An out-of-bounds read has been
> found in gstreamer before 1.10.3, in
> gst_asf_demux_process_ext_stream_props.
>
> - CVE-2017-5847 (denial of service): An out-of-bounds read has been
> found in gstreamer before 1.10.3, in
> gst_asf_demux_process_ext_content_desc.
> More: https://lwn.net/Vulnerabilities/713775/
>
> gstreamer:
> From the Arch Linux advisory:
>
> An out of bounds read has been found in gstreamer before 1.10.3, in
> gst_date_time_new_from_iso8601_string.
> More: https://lwn.net/Vulnerabilities/713776/
98f8cfb grsecurity: 4.9.8-201702060653 -> 201702071801
> All kernel patches are considered security-sensitive.
fc6a87e grsecurity: 4.8.17-201701151620 -> 4.9.8-201702060653
> All kernel patches are considered security-sensitive.
82a6c83 fpm: fix vulnerable dependency
fed923e chromium: 55.0.2883.87 -> 56.0.2924.87
> All browser patches are considered security-sensitive.
======================================================================
The following changes were applied to unstable:
9dec33d linux: 4.9.8 -> 4.9.9
> All kernel patches are considered security-sensitive.
9d82485 linux: 4.4.47 -> 4.4.48
> All kernel patches are considered security-sensitive.
4b6692a graphicsmagick: patch for CVE-2016-9830
bfee52a epiphany: 3.22.5 -> 3.22.6 for security issue
> From https://bugzilla.gnome.org/show_bug.cgi?id=752738:
>
> The page http://whatever.com has access to saved passwords of
> https://whatever.com. This was a very bad idea: it makes it easy to
> intercept passwords stored on secure websites, especially since we
> don't require any user interaction to fill in the password.
>
> No CVE has been assigned as of now.
da5eaa3 bind: 9.10.4-P5 -> 9.10.4-P6 for CVE-2017-3135
> See https://kb.isc.org/article/AA-01453
386ecdc rtmpdump: 2015-01-15 -> 2015-12-30
> Numerous issues:
>
> - https://lwn.net/Vulnerabilities/713784/
> - https://lwn.net/Vulnerabilities/670061/
19f23d0 ntfs3g: patch for CVE-2017-0358
> From the Debian advisory:
>
> Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write
> NTFS driver for FUSE, does not scrub the environment before executing
> modprobe with elevated privileges. A local user can take advantage of
> this flaw for local root privilege escalation.
77e920d spice: Patch for CVE-2016-9577, CVE-2016-9578
> spice: Patch for CVE-2016-9577, CVE-2016-9578
>
> From the Red Hat advisory:
>
> * A vulnerability was discovered in spice in the server's protocol
> handling. An authenticated attacker could send crafted messages to
> the spice server causing a heap overflow leading to a crash or
> possible code execution. (CVE-2016-9577)
>
> * A vulnerability was discovered in spice in the server's protocol
> handling. An attacker able to connect to the spice server could send
> crafted messages which would cause the process to crash.
> (CVE-2016-9578)
379144f salt: 2016.3.3 -> 2016.11.2 for multiple CVEs
> From the Arch Linux advisory:
>
> - CVE-2017-5192 (arbitrary code execution): The
> `LocalClient.cmd_batch()` method client does not accept
> `external_auth` credentials and so access to it from salt-api has
> been removed for now. This vulnerability allows code execution for
> already-authenticated users and is only in effect when running
> salt-api as the `root` user.
>
> - CVE-2017-5200 (arbitrary command execution): Salt-api allows
> arbitrary command execution on a salt-master via Salt's ssh_client.
> Users of Salt-API and salt-ssh could execute a command on the salt
> master via a hole when both systems were enabled.
b2e7b4b rabbitmq: 3.5.8 -> 3.6.6
> CVE-2015-8786
dced724 linux_3_18: remove due to EOL
5eaec77 wavpack: 4.80.0 -> 5.1.0
> From the Fedora advisory:
>
> CVE-2016-10172 wavpack: Heap out of bounds read in
> read_new_config_info / open_utils.c
> https://bugzilla.redhat.com/show_bug.cgi?id=1417853
>
> CVE-2016-10171 wavpack: Heap out of bounds read in unreorder_channels
> / wvunpack.c
> https://bugzilla.redhat.com/show_bug.cgi?id=1417852
>
> CVE-2016-10170 wavpack: Heap out of bounds read in WriteCaffHeader /
> caff.c
> https://bugzilla.redhat.com/show_bug.cgi?id=1417851
>
> CVE-2016-10169 wavpack: Global buffer overread in read_code /
> read_words.c
> https://bugzilla.redhat.com/show_bug.cgi?id=1417850
afd5981 gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs
> gst-plugins-bad:
> From the Arch Linux advisory:
> - CVE-2017-5843 (arbitrary code execution): A double-free issue has
> been found in gstreamer before 1.10.3, in
> gst_mxf_demux_update_essence_tracks.
>
> - CVE-2017-5848 (denial of service): An out-of-bounds read has been
> found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm.
> More: https://lwn.net/Vulnerabilities/713772/
>
> gst-plugins-base:
> From the Arch Linux advisory:
>
> - CVE-2017-5837 (denial of service): A floating point exception issue
> has been found in gstreamer before 1.10.3, in
> gst_riff_create_audio_caps.
>
> - CVE-2017-5839 (denial of service): An endless recursion issue
> leading to stack overflow has been found in gstreamer before 1.10.3,
> in gst_riff_create_audio_caps.
>
> - CVE-2017-5842 (arbitrary code execution): An off-by-one write has
> been found in gstreamer before 1.10.3, in
> html_context_handle_element.
>
> - CVE-2017-5844 (denial of service): A floating point exception issue
> has been found in gstreamer before 1.10.3, in
> gst_riff_create_audio_caps.
> More: https://lwn.net/Vulnerabilities/713773/
>
> gst-plugins-good:
> From the Arch Linux advisory:
>
> - CVE-2016-10198 (denial of service): An invalid memory read flaw has
> been found in gstreamer before 1.10.3, in
> gst_aac_parse_sink_setcaps.
>
> - CVE-2016-10199 (denial of service): An out of bounds read has been
> found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full.
>
> - CVE-2017-5840 (denial of service): An out-of-bounds read has been
> found in gstreamer before 1.10.3, in qtdemux_parse_samples.
>
> - CVE-2017-5841 (denial of service): An out-of-bounds read has been
> found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
>
> - CVE-2017-5845 (denial of service): An out-of-bounds read has been
> found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
> More: https://lwn.net/Vulnerabilities/713774/
>
> gst-plugins-ugly:
> From the Arch Linux advisory:
>
> - CVE-2017-5846 (denial of service): An out-of-bounds read has been
> found in gstreamer before 1.10.3, in
> gst_asf_demux_process_ext_stream_props.
>
> - CVE-2017-5847 (denial of service): An out-of-bounds read has been
> found in gstreamer before 1.10.3, in
> gst_asf_demux_process_ext_content_desc.
> More: https://lwn.net/Vulnerabilities/713775/
>
> gstreamer:
> From the Arch Linux advisory:
>
> An out of bounds read has been found in gstreamer before 1.10.3, in
> gst_date_time_new_from_iso8601_string.
> More: https://lwn.net/Vulnerabilities/713776/
bd46a37 grsecurity: 4.9.8-201702060653 -> 201702071801
> All kernel patches are considered security-sensitive.
Thank you very much,
Graham Christensen
NixOS Security Team
https://github.com/nixos/security