Описание
Security update for live555
This update for live555 fixes the following issues:
-
CVE-2019-9215: Malformed headers could have lead to invalid memory access in the parseAuthorizationHeader function. (boo#1127341)
-
CVE-2019-7314: Mishandled termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up could have lead to a Use-After-Free error causing the RTSP server to crash or possibly have unspecified other impact. (boo#1124159)
-
Update to version 2019.06.28,
-
Convert to dynamic libraries (boo#1121995):
- Use make ilinux-with-shared-libraries: build the dynamic libs instead of the static one.
- Use make install instead of a manual file copy script: this also reveals that we missed quite a bit of code to be installed before.
- Split out shared library packages according the SLPP.
-
Use FAT LTO objects in order to provide proper static library.
This update was imported from the openSUSE:Leap:15.1:Update update project.
Список пакетов
openSUSE Leap 15.2
Ссылки
- E-Mail link for openSUSE-SU-2020:0944-1
- SUSE Security Ratings
- SUSE Bug 1121995
- SUSE Bug 1124159
- SUSE Bug 1127341
- SUSE CVE CVE-2019-7314 page
- SUSE CVE CVE-2019-9215 page
Описание
liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.
Затронутые продукты
Ссылки
- CVE-2019-7314
- SUSE Bug 1124159
Описание
In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.
Затронутые продукты
Ссылки
- CVE-2019-9215
- SUSE Bug 1127341