Arch Linux ASA-201601-1 High Severity: Rtmpdump Remote Execution Risk

The package rtmpdump before version 1:2.4.r96.fa8646d-1 is vulnerable to arbitrary code execution.
Arch Linux Security Advisory ASA-201601-1
========================================
Severity: High
Date    : 2016-01-02
CVE-ID  : Pending
Package : rtmpdump
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package rtmpdump before version 1:2.4.r96.fa8646d-1 is vulnerable to
arbitrary code execution.

Resolution
=========
Upgrade to 1:2.4.r96.fa8646d-1.

# pacman -Syu "rtmpdump>=1:2.4.r96.fa8646d-1"

The problem has been fixed upstream but no updated version has been
released.

Workaround
=========
None.

Description
==========
Several issues have been found by LMX of Qihoo 360 Codesafe Team in the part
of rtmpdump that handles RTMP streams. These issues include a memory leak, an
integer overflow, type confusion when dealing with AMF strings and objects,
and several other parsing issues.
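The advisory names length handling and string/object type confusion in AMF parsing as the bug classes. As an added illustration (not rtmpdump's code, and not a claim about its exact defects), here is a minimal AMF0 decoder written the way such a parser must be written: every length field is bounds-checked against the remaining buffer before use, and a caller that needs a string checks the type marker instead of assuming it. The sample payloads are constructed.

```python
import struct

AMF0_NUMBER, AMF0_BOOLEAN, AMF0_STRING, AMF0_OBJECT, AMF0_OBJECT_END = 0, 1, 2, 3, 9

class AMFError(ValueError):
    pass

def _take(buf, pos, n):
    # Every read is bounds-checked: the length field came from the network.
    if n < 0 or pos + n > len(buf):
        raise AMFError(f"need {n} bytes at offset {pos}, only {len(buf) - pos} left")
    return buf[pos:pos + n], pos + n

def _read_string_body(buf, pos):
    raw, pos = _take(buf, pos, 2)
    (length,) = struct.unpack(">H", raw)          # u16 big-endian length
    data, pos = _take(buf, pos, length)           # rejects truncated input
    return data.decode("utf-8", errors="replace"), pos

def decode_value(buf, pos=0, depth=0):
    """Decode one AMF0 value at pos; returns (value, new_pos)."""
    if depth > 16:
        raise AMFError("object nesting too deep")
    raw, pos = _take(buf, pos, 1)
    marker = raw[0]
    if marker == AMF0_NUMBER:
        raw, pos = _take(buf, pos, 8)
        return struct.unpack(">d", raw)[0], pos
    if marker == AMF0_BOOLEAN:
        raw, pos = _take(buf, pos, 1)
        return raw[0] != 0, pos
    if marker == AMF0_STRING:
        return _read_string_body(buf, pos)
    if marker == AMF0_OBJECT:
        obj = {}
        while True:                               # properties until empty key + end marker
            key, pos = _read_string_body(buf, pos)
            if key == "":
                raw, pos = _take(buf, pos, 1)
                if raw[0] != AMF0_OBJECT_END:
                    raise AMFError("empty key not followed by object-end marker")
                return obj, pos
            obj[key], pos = decode_value(buf, pos, depth + 1)
    raise AMFError(f"unexpected marker 0x{marker:02x} at offset {pos - 1}")

def expect_string(buf, pos=0):
    """Caller that requires a string: verify the decoded type, never assume it."""
    value, pos = decode_value(buf, pos)
    if not isinstance(value, str):
        raise AMFError(f"expected AMF string, got {type(value).__name__}")
    return value, pos

def decode_all(buf):
    values, pos = [], 0
    while pos < len(buf):
        value, pos = decode_value(buf, pos)
        values.append(value)
    return values

# Constructed sample: string "connect", number 1.0, object {app: "live"}.
SAMPLE = (b"\x02\x00\x07connect" + b"\x00" + struct.pack(">d", 1.0)
          + b"\x03\x00\x03app\x02\x00\x04live\x00\x00\x09")
# Constructed sample: string header claims 65535 bytes but only 5 follow.
TRUNCATED = b"\x02\xff\xffshort"
```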

Impact
=====
A remote attacker is able to craft a special rtmp stream that, when
processed, can cause arbitrary code execution.

References
=========
https://bugs.archlinux.org/task/47564
