gstreamer1-plugins-base-1.16.1-5.el8_10
エラータID: AXSA:2024-9435:04
リリース日:
2024/12/19 Thursday - 22:52
題名:
gstreamer1-plugins-base-1.16.1-5.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- GStreamer の gstvorbisdec.c の
vorbis_handle_identification_packet() 関数には、スタック
領域のオーバーフローの問題があるため、ローカルの攻撃者に
より、データ破壊、およびサービス拒否攻撃を可能とする脆弱性
が存在します。(CVE-2024-47538)
- GStreamer の gstopusdec.c の gst_opus_dec_parse_header()
関数には、スタックオーバーフローの問題があるため、ローカル
の攻撃者により、任意のコードの実行を可能とする脆弱性が存在
します。(CVE-2024-47607)
- GStreamer の vorbis_parse.c の
gst_parse_vorbis_setup_packet() 関数には、メモリ領域の
範囲外書き込みの問題があるため、ローカルの攻撃者により、
細工されたファイルの入力を介して、データ破壊、および
サービス拒否攻撃などを可能とする脆弱性が存在します。
(CVE-2024-47615)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-47538
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed in 1.24.10.
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed in 1.24.10.
CVE-2024-47607
GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10.
GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10.
CVE-2024-47615
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.
追加情報:
N/A
ダウンロード:
SRPMS
- gstreamer1-plugins-base-1.16.1-5.el8_10.src.rpm
MD5: 0b454718a2f3a7a39597a23f0f021dce
SHA-256: 3f6f2c017b68b397cdbe436996fa8c165e639965534fd3dfbadaa216392a0add
Size: 3.78 MB
Asianux Server 8 for x86_64
- gstreamer1-plugins-base-1.16.1-5.el8_10.i686.rpm
MD5: 71c06a954e1cf753a2e64ee1b9b52936
SHA-256: a958b40063a805f8615a4a4a96e33fd8cee375814a8009ee8ab417e7cb216803
Size: 2.03 MB - gstreamer1-plugins-base-1.16.1-5.el8_10.x86_64.rpm
MD5: ab382165fdf867f6bf34d31254cf73a0
SHA-256: 3a6a056bdf2c9e296aa2749fb9c04e887c926478c7961b9740b849bf96acbe59
Size: 1.95 MB - gstreamer1-plugins-base-devel-1.16.1-5.el8_10.i686.rpm
MD5: f5b3236f0fe937d504fe6b07b47edeaa
SHA-256: f289de898b81ea9015ca88e38366c92d004dcb98ad0a92e1f30d984e66d8ba6f
Size: 420.96 kB - gstreamer1-plugins-base-devel-1.16.1-5.el8_10.x86_64.rpm
MD5: 887b9e6be1b7e2db6eb60885ed22c718
SHA-256: 2bbf0621f2bd1d1403a213e12bbf43c42b9047f02176b3207010bdb3f73611a5
Size: 421.02 kB
English