
Bug 536452 (CVE-2014-8154)

Summary: <dev-lang/vala-0.26.2: Heap-buffer overflow in vala-gstreamer bindings at Gst.MapInfo() (CVE-2014-8154)
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: gnome, realnot
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://bugzilla.redhat.com/show_bug.cgi?id=1181404
Whiteboard: B2 [noglsa/cve]
Package list:
Runtime testing required: ---
Attachments:
Description Flags
Vala sandbox access violation none

Description Agostino Sarubbo gentoo-dev 2015-01-13 08:44:49 UTC
From ${URL} :

Sergey "Shnatsel" Davidoff reported a heap-based buffer overflow in Vala Gstreamer bindings in the
Gst.MapInfo() function. Further details are available in the following Red Hat bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1177840

This issue was also reported via: 
https://bugzilla.gnome.org/show_bug.cgi?id=678663 

and fixed in the following commit:

https://git.gnome.org/browse/vala/commit/?id=3092537db65887e24a3d3e87a27caf9c5295e4f7


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2015-06-17 17:45:09 UTC
CVE-2014-8154 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8154):
  The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer
  length declaration for the Gstreamer bindings, which allows
  context-dependent attackers to cause a denial of service (crash) or possibly
  execute arbitrary code via unspecified vectors, which trigger a heap-based
  buffer overflow.
Comment 2 Alexandre Rostovtsev (RETIRED) gentoo-dev 2015-06-18 13:43:50 UTC
Already fixed in >=dev-lang/vala-0.26.2 - added to the tree in January and stabilized.

Vulnerable versions (vala-0.26.0 and 0.26.1) have been removed from the tree.
Comment 3 Mauro Crociara 2015-09-11 20:58:05 UTC
Created attachment 411634 [details]
Vala sandbox access violation

I tried to emerge different versions of the package, with the same/similar error as a result.
Comment 4 Mauro Crociara 2015-09-12 09:48:19 UTC
I have removed /.git dir to make it work
Comment 5 Alexandre Rostovtsev (RETIRED) gentoo-dev 2015-09-12 22:09:17 UTC
(In reply to Mauro Crociara from comment #3)
> Created attachment 411634 [details]
> Vala sandbox access violation
> 
> I tried to emerge different versions of the package, with the same/similar
> error as a result.

That is a completely different issue (nothing to do with buffer overflow in gstreamer bindings) caused by your /.git directory; I've made a separate bug #560308 about it.
Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2015-12-21 13:49:57 UTC
(In reply to Alexandre Rostovtsev from comment #2)
> Already fixed in >=dev-lang/vala-0.26.2 - added to the tree in January and
> stabilized.
> 
> Vulnerable versions (vala-0.26.0 and 0.26.1) have been removed from the tree.

Thank you!

Security Please Vote.
GLSA Vote: No
Comment 7 Yury German Gentoo Infrastructure gentoo-dev 2015-12-21 16:12:20 UTC
Arches and Maintainer(s), Thank you for your work.

Thank you all. Closing as noglsa.