Updated live, mplayer, vlc packages fix security vulnerability
Publication date: 29 Mar 2019Modification date: 29 Mar 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-7314 , CVE-2019-9215
Description
The updated live, mplayer, vlc packages fix security vulnerabilities:
liblivemedia in Live555 before 2019.02.03 mishandles the termination of an
RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to
a Use-After-Free error that causes the RTSP server to crash (Segmentation
fault) or possibly have unspecified other impact. (CVE-2019-7314)
In Live555 before 2019.02.27, malformed headers lead to invalid memory
access in the parseAuthorizationHeader function. (CVE-2019-9215)
Mplayer and VLC has been rebuilt against new live packages.
Also, VLC has been updated to version 3.0.6.
References
- https://bugs.mageia.org/show_bug.cgi?id=24527
- https://www.debian.org/security/2019/dsa-4408
- https://www.videolan.org/developers/vlc-branch/NEWS
- http://live555.com/liveMedia/public/changelog.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7314
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9215
SRPMS
6/tainted
- mplayer-1.3.0-14.mga6.tainted
- vlc-3.0.6-1.mga6.tainted
6/core
- live-2019.03.06-1.mga6
- mplayer-1.3.0-14.mga6
- vlc-3.0.6-1.mga6