openSUSE: 2019:1880-1: moderate: live555

    Date14 Aug 2019
    CategoryopenSUSE
    200
    Posted ByLinuxSecurity Advisories
    An update that solves two vulnerabilities and has one errata is now available.
       openSUSE Security Update: Security update for live555
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:1880-1
    Rating:             moderate
    References:         #1121995 #1124159 #1127341 
    Cross-References:   CVE-2019-7314 CVE-2019-9215
    Affected Products:
                        openSUSE Backports SLE-15-SP1
    ______________________________________________________________________________
    
       An update that solves two vulnerabilities and has one
       errata is now available.
    
    Description:
    
       This update for live555 fixes the following issues:
    
       - CVE-2019-9215: Malformed headers could have lead to invalid memory
         access in the parseAuthorizationHeader function. (boo#1127341)
    
       - CVE-2019-7314: Mishandled termination of an RTSP stream after
         RTP/RTCP-over-RTSP has been set up could have lead to a Use-After-Free
         error causing the RTSP server to crash or possibly have unspecified
         other impact. (boo#1124159)
    
       - Update to version 2019.06.28,
       - Convert to dynamic libraries (boo#1121995):
         + Use make ilinux-with-shared-libraries: build the dynamic libs instead
           of the static one.
         + Use make install instead of a manual file copy script: this also
           reveals that we missed quite a bit of code to be installed before.
         + Split out shared library packages according the SLPP.
       - Use FAT LTO objects in order to provide proper static library.
    
    
       This update was imported from the openSUSE:Leap:15.1:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Backports SLE-15-SP1:
    
          zypper in -t patch openSUSE-2019-1880=1
    
    
    
    Package List:
    
       - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):
    
          libBasicUsageEnvironment1-2019.06.28-bp151.3.3.1
          libUsageEnvironment3-2019.06.28-bp151.3.3.1
          libgroupsock8-2019.06.28-bp151.3.3.1
          libliveMedia66-2019.06.28-bp151.3.3.1
          live555-2019.06.28-bp151.3.3.1
          live555-devel-2019.06.28-bp151.3.3.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-7314.html
       https://www.suse.com/security/cve/CVE-2019-9215.html
       https://bugzilla.suse.com/1121995
       https://bugzilla.suse.com/1124159
       https://bugzilla.suse.com/1127341
    
    -- 
    

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":62.5,"resources":[]},{"id":"88","title":"Should be more technical","votes":"2","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":12.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.