Updated live555, vlc & mplayer packages fix several issuesPublication date: 26 Jul 2014
Affected Mageia releases : 3 , 4
Updated live, mplayer, and vlc packages fix security vulnerabilities: The live555 RTSP streaming server and client libraries before 2013.11.29 are vulnerable to buffer overflows in RTSP command parsing that potentially allow for arbitrary code execution when connected to a malicious client or server. The RTSP client streaming code in the mplayer and vlc packages is built from the live555 code in the live package. They have been rebuilt with the updated live packages. The vlc packages have also been updated to 2.0.10 for Mageia 3 and 2.1.5 for Mageia 4, fixing several other bugs and potential security issues. The Mageia 3 update fixes a buffer overflow in the mp4a packetizer (CVE-2013-4388) that was fixed upstream in 2.0.9. Finally, the mplayer update for Mageia 3 includes two upstream patches; one disables playlist parsing for security reasons and the other fixes mp3 decoding cutting out early (mga#10478).