From: Archana Polampalli <archana.polampa...@windriver.com> Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests.
Signed-off-by: Archana Polampalli <archana.polampa...@windriver.com> Signed-off-by: Steve Sakoman <st...@sakoman.com> --- .../CVE-2024-44331.patch | 44 +++++++++++++++++++ .../gstreamer1.0-rtsp-server_1.20.7.bb | 4 +- 2 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server/CVE-2024-44331.patch diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server/CVE-2024-44331.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server/CVE-2024-44331.patch new file mode 100644 index 0000000000..e78fef7b93 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server/CVE-2024-44331.patch @@ -0,0 +1,44 @@ +From aa3e97d67c05d4648ea58c7ff7675e24a81ca72b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebast...@centricular.com> +Date: Thu, 24 Oct 2024 20:12:55 +0300 +Subject: [PATCH] rtsp-server: Remove pointless assertions that can happen if + client provides invalid rates + +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3731 +Fixes CVE-2024-44331 + +Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7739> + +CVE: CVE-2024-44331 + +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/aa3e97d67c05d4648ea58c7ff7675e24a81ca72b] + +Signed-off-by: Archana Polampalli <archana.polampa...@windriver.com> +--- + gst/rtsp-server/rtsp-media.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/gst/rtsp-server/rtsp-media.c b/gst/rtsp-server/rtsp-media.c +index 88bf7a7..e482b44 100644 +--- a/gst/rtsp-server/rtsp-media.c ++++ b/gst/rtsp-server/rtsp-media.c +@@ -2737,15 +2737,13 @@ gst_rtsp_media_get_rates (GstRTSPMedia * media, gdouble * rate, + first_stream = FALSE; + } else { + if (save_rate != *rate || save_applied_rate != *applied_rate) { +- /* diffrent rate or applied_rate, weird */ +- g_assert (FALSE); ++ /* different rate or applied_rate, weird */ + result = FALSE; + break; + } + } + } else { +- /* complete stream withot rate and applied_rate, weird */ +- g_assert (FALSE); ++ /* complete stream without rate and applied_rate, weird */ + result = FALSE; + break; + } +-- +2.40.0 diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.7.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.7.bb index 2901be69d2..a7d17e3b1e 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.7.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.7.bb @@ -8,7 +8,9 @@ DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base" PNREAL = "gst-rtsp-server" -SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"; +SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz \ + file://CVE-2024-44331.patch \ + " SRC_URI[sha256sum] = "2c8f46aa9df2245e5b39a2082be8e9d3edc0f61bc34f667803d7a21da1b51987" -- 2.43.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#211902): https://lists.openembedded.org/g/openembedded-core/message/211902 Mute This Topic: https://lists.openembedded.org/mt/111377466/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
