Updated live packages fix security vulnerabilities: Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska . MGASA-2021-0313 - Updated live packages fix security vulnerabilities Publication date: 04 Jul 2021 URL: https://advisories.mageia.org/MGASA-2021-0313.html Type: security Affected Mageia releases: 7, 8 CVE: CVE-2019-15232, CVE-2021-28899 Updated live packages fix security vulnerabilities: Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors (CVE-2019-15232). Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16 (CVE-2021-28899). The mplayer package has been rebuilt against the updated live package. References: - https://bugs.mageia.org/show_bug.cgi?id=29175 - http://lists.live555.com/pipermail/live-devel/2021-March/021891.html - - - https://www.cve.org/CVERecord?id=CVE-2019-15232 - https://www.cve.org/CVERecord?id=CVE-2021-28899 SRPMS: - 7/tainted/mplayer-1.4-1.1.mga7.tainted - 7/core/live-2021.06.25-1.mga7 - 7/core/mplayer-1.4-1.1.mga7 - 8/tainted/mplayer-1.4-9.3.mga8.tainted - 8/core/live-2021.06.25-1.mga8 - 8/core/mplayer-1.4-9.3.mga8 . Revamped installations from Mageia tackle safety concerns like Use-After-Free flaws impacting Live555.. Mageia Live555 Security Update, Use-After-Free Fix, Media Streaming Vulnerabilities. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.