Описание
Security update for gstreamer-rtsp-server
This update for gstreamer-rtsp-server fixes the following issues:
- CVE-2020-6095: Fixed a NULL pointer dereference when handling an invalid basic Authorization header (boo#1168026).
Список пакетов
SUSE Package Hub 15 SP1
gstreamer-rtsp-server-devel-1.12.5-bp151.4.3.1
libgstrtspserver-1_0-0-1.12.5-bp151.4.3.1
typelib-1_0-GstRtspServer-1_0-1.12.5-bp151.4.3.1
openSUSE Leap 15.1
gstreamer-rtsp-server-devel-1.12.5-bp151.4.3.1
libgstrtspserver-1_0-0-1.12.5-bp151.4.3.1
typelib-1_0-GstRtspServer-1_0-1.12.5-bp151.4.3.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0535-1
- SUSE Security Ratings
- SUSE Bug 1168026
- SUSE CVE CVE-2020-6095 page
Описание
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
Затронутые продукты
SUSE Package Hub 15 SP1:gstreamer-rtsp-server-devel-1.12.5-bp151.4.3.1
SUSE Package Hub 15 SP1:libgstrtspserver-1_0-0-1.12.5-bp151.4.3.1
SUSE Package Hub 15 SP1:typelib-1_0-GstRtspServer-1_0-1.12.5-bp151.4.3.1
openSUSE Leap 15.1:gstreamer-rtsp-server-devel-1.12.5-bp151.4.3.1
Ссылки
- CVE-2020-6095
- SUSE Bug 1168026