Bug 536452 (CVE-2014-8154) - <dev-lang/vala-0.26.2: Heap-buffer overflow in vala-gstreamer bindings at Gst.MapInfo() (CVE-2014-8154)
Status: RESOLVED FIXED
Alias: CVE-2014-8154
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B2 [noglsa/cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-01-13 08:44 UTC by Agostino Sarubbo
Modified: 2015-12-21 16:12 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
Vala sandbox access violation (dev-lang:vala-0.28.1:20150911-204444.log,178.86 KB, text/x-log)
2015-09-11 20:58 UTC, Mauro Crociara

Description Agostino Sarubbo gentoo-dev 2015-01-13 08:44:49 UTC
From ${URL} :

Sergey "Shnatsel" Davidoff reported a heap-based buffer overflow in Vala Gstreamer bindings in the
Gst.MapInfo() function. Further details are available in the following Red Hat bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1177840

This issue was also reported via: 
https://bugzilla.gnome.org/show_bug.cgi?id=678663 

and fixed in the following commit:

https://git.gnome.org/browse/vala/commit/?id=3092537db65887e24a3d3e87a27caf9c5295e4f7


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2015-06-17 17:45:09 UTC
CVE-2014-8154 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8154):
  The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer
  length declaration for the Gstreamer bindings, which allows
  context-dependent attackers to cause a denial of service (crash) or possibly
  execute arbitrary code via unspecified vectors, which trigger a heap-based
  buffer overflow.
Comment 2 Alexandre Rostovtsev (RETIRED) gentoo-dev 2015-06-18 13:43:50 UTC
Already fixed in >=dev-lang/vala-0.26.2 - added to the tree in January and stabilized.

Vulnerable versions (vala-0.26.0 and 0.26.1) have been removed from the tree.
Comment 3 Mauro Crociara 2015-09-11 20:58:05 UTC
Created attachment 411634
Vala sandbox access violation

I tried to emerge different versions of the package, with the same/similar error as a result.
Comment 4 Mauro Crociara 2015-09-12 09:48:19 UTC
I have removed the /.git dir to make it work.
Comment 5 Alexandre Rostovtsev (RETIRED) gentoo-dev 2015-09-12 22:09:17 UTC
(In reply to Mauro Crociara from comment #3)
> Created attachment 411634
> Vala sandbox access violation
> 
> I tried to emerge different versions of the package, with the same/similar
> error as a result.

That is a completely different issue (nothing to do with the buffer overflow in the gstreamer bindings) caused by your /.git directory. I've made a separate bug #560308 about it.
Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2015-12-21 13:49:57 UTC
(In reply to Alexandre Rostovtsev from comment #2)
> Already fixed in >=dev-lang/vala-0.26.2 - added to the tree in January and
> stabilized.
> 
> Vulnerable versions (vala-0.26.0 and 0.26.1) have been removed from the tree.

Thank you!

Security Please Vote.
GLSA Vote: No
Comment 7 Yury German Gentoo Infrastructure gentoo-dev 2015-12-21 16:12:20 UTC
Arches and Maintainer(s), Thank you for your work.

Thank you all. Closing as noglsa.