*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Marc Deslauriers (mdeslaur):
First, I am NOT the person who found the bug. It is a zero day vulnerability(i.e already public). A vulnerability and a separate logic error exist in the gstreamer 0.10.x player for NSF music files. Combined, they allow for very reliable exploitation and the bypass of 64-bit ASLR, DEP, etc. The reliability is provided by the presence of a turing complete “scripting” inside a music player. NSF files are music files from the Nintendo Entertainment System. The person who found it detailed it here https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-compromising-linux-desktop.html Precise and trusty are effected. xenial can be effected if 0.10 is manually installed. ** Affects: gst-plugins-bad0.10 (Ubuntu) Importance: Undecided Status: Incomplete -- untrusted code execution using NES music file play using gstreamer NES CPU emulation CESA-2016-0001 https://bugs.launchpad.net/bugs/1641700 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
