Mageia: 2019-0121 Moderate: RTSP Stream Handling Errors in Mplayer and VLC
mageia
March 29, 2019
The updated live, mplayer, vlc packages fix security vulnerabilities: liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RT...
Summary
The updated live, mplayer, vlc packages fix security vulnerabilities:
liblivemedia in Live555 before 2019.02.03 mishandles the termination of an
RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to
a Use-After-Free error that causes the RTSP server to crash (Segmentation
fault) or possibly have unspecified other impact. (CVE-2019-7314)
In Live555 before 2019.02.27, malformed headers lead to invalid memory
access in the parseAuthorizationHeader function. (CVE-2019-9215)
Mplayer and VLC has been rebuilt against new live packages.
Also, VLC has been updated to version 3.0.6.
References
- https://bugs.mageia.org/show_bug.cgi?id=24527
- https://lists.debian.org/debian-security-announce/2019/msg00052.html
- https://code.videolan.org/videolan/vlc-3.0/-/raw/master/NEWS
-
- https://www.cve.org/CVERecord?id=CVE-2019-7314
- https://www.cve.org/CVERecord?id=CVE-2019-9215
Topics Covered
Resolution
SRPMS
- 6/tainted/mplayer-1.3.0-14.mga6.tainted
- 6/tainted/vlc-3.0.6-1.mga6.tainted
- 6/core/live-2019.03.06-1.mga6
- 6/core/mplayer-1.3.0-14.mga6
- 6/core/vlc-3.0.6-1.mga6
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Publication date: 29 Mar 2019
URL: https://advisories.mageia.org/MGASA-2019-0121.html
Type: security
CVE: CVE-2019-7314,
CVE-2019-9215
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!