SUSE SLES15 Security Update : gstreamer-plugins-good (SUSE-SU-2023:3688-1)

high Nessus Plugin ID 181661

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3688-1 advisory.

- GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. (CVE-2021-3497)

- Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite. (CVE-2022-1920)

- Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite. (CVE-2022-1921)

- DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. (CVE-2022-1922)

- DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. (CVE-2022-1923)

- DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. (CVE-2022-1924)

- DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks. (CVE-2022-1925)

- DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. (CVE-2022-2122)

- Integer overflow leading to heap overwrite in FLAC image tag handling (CVE-2023-37327) (CVE-2023-37327)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected gstreamer-plugins-good and / or gstreamer-plugins-good-lang packages.

See Also

https://bugzilla.suse.com/1201706

https://bugzilla.suse.com/1201707

https://bugzilla.suse.com/1201708

https://bugzilla.suse.com/1213128

http://www.nessus.org/u?2bdd8792

https://www.suse.com/security/cve/CVE-2021-3497

https://www.suse.com/security/cve/CVE-2022-1920

https://www.suse.com/security/cve/CVE-2022-1921

https://www.suse.com/security/cve/CVE-2022-1922

https://www.suse.com/security/cve/CVE-2022-1923

https://www.suse.com/security/cve/CVE-2022-1924

https://www.suse.com/security/cve/CVE-2022-1925

https://www.suse.com/security/cve/CVE-2022-2122

https://www.suse.com/security/cve/CVE-2023-37327

https://bugzilla.suse.com/1184739

https://bugzilla.suse.com/1201688

https://bugzilla.suse.com/1201693

https://bugzilla.suse.com/1201702

https://bugzilla.suse.com/1201704

Plugin Details

Severity: High

ID: 181661

File Name: suse_SU-2023-3688-1.nasl

Version: 1.0

Type: local

Agent: unix

Published: 9/20/2023

Updated: 9/20/2023

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-3497

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-2122

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:gstreamer-plugins-good, p-cpe:/a:novell:suse_linux:gstreamer-plugins-good-lang, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/19/2023

Vulnerability Publication Date: 4/19/2021

Reference Information

CVE: CVE-2021-3497, CVE-2022-1920, CVE-2022-1921, CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925, CVE-2022-2122, CVE-2023-37327

SuSE: SUSE-SU-2023:3688-1