Advisories ยป MGASA-2019-0121

Updated live, mplayer, vlc packages fix security vulnerability

Publication date: 29 Mar 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-7314 , CVE-2019-9215


The updated live, mplayer, vlc packages fix security vulnerabilities:

liblivemedia in Live555 before 2019.02.03 mishandles the termination of an
RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to
a Use-After-Free error that causes the RTSP server to crash (Segmentation
fault) or possibly have unspecified other impact. (CVE-2019-7314)

In Live555 before 2019.02.27, malformed headers lead to invalid memory
access in the parseAuthorizationHeader function. (CVE-2019-9215)

Mplayer and VLC has been rebuilt against new live packages.

Also, VLC has been updated to version 3.0.6.