[SECURITY] [DLA 1690-1] liblivemedia security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : liblivemedia
Version : 2014.01.13-1+deb8u2
CVE ID : CVE-2019-6256 CVE-2019-7314
Debian Bug : 919529
Multiple vulnerabilities have been discovered in liblivemedia, the
LIVE555 RTSP server library:
CVE-2019-6256
liblivemedia servers with RTSP-over-HTTP tunneling enabled are
vulnerable to an invalid function pointer dereference. This issue
might happen during error handling when processing two GET and
POST requests being sent with identical x-sessioncookie within
the same TCP session and might be leveraged by remote attackers
to cause DoS.
CVE-2019-7314
liblivemedia servers with RTSP-over-HTTP tunneling enabled are
affected by a use-after-free vulnerability. This vulnerability
might be triggered by remote attackers to cause DoS (server crash)
or possibly unspecified other impact.
For Debian 8 "Jessie", these problems have been fixed in version
2014.01.13-1+deb8u2.
We recommend that you upgrade your liblivemedia packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEUFZhdgIWqBhwqCvuZYVUZx9w0DQFAlx1J7YACgkQZYVUZx9w
0DQgzgf/SlZIr7JF9izZiddDLqDnVOF1L2HZzyh8i71quc28ny1ODooPxHlL00Wn
KQaBbF94HhGh4JwOfHtwP/2HvkDugm2VJDugMHs/eiPEdMmWNzHqG7f/nbpxB1Aj
wcbyUWrbEMHDfln4BVbSxQ70lwI9oXduIs8QzVBkX/2K16im1xrrJPbskOVZ3vFq
42GmKFKvLpoSkiInbKLuvTgaF55SHFnpSubV+H9rSZK5fI+82qAbJGpSrx10Cvzg
46mK0Paq0JIGXSCCKW/ovrmwPGQl3O+PDPyav2PNx9YxH0gxpwbLnxMrdftq9gWk
gp0LWsd3SL1k0h3A6pFMycux36XOOQ==
=Tq/2
-----END PGP SIGNATURE-----
Reply to: