| 1 |
type: security |
| 2 |
subject: Updated live, ffmpeg, mplayer, and vlc packages fix security vulnerabilities |
| 3 |
CVE: |
| 4 |
- CVE-2018-4013 |
| 5 |
- CVE-2018-15822 |
| 6 |
src: |
| 7 |
6: |
| 8 |
core: |
| 9 |
- live-2018.11.26-1.mga6 |
| 10 |
- ffmpeg-3.3.9-1.mga6 |
| 11 |
- mplayer-1.3.0-13.mga6 |
| 12 |
- vlc-3.0.5-2.mga6 |
| 13 |
tainted: |
| 14 |
- ffmpeg-3.3.9-1.mga6.tainted |
| 15 |
- mplayer-1.3.0-13.mga6.tainted |
| 16 |
- vlc-3.0.5-2.mga6.tainted |
| 17 |
description: | |
| 18 |
A bug in the server implementation of RTSP-over-HTTP in live could allow |
| 19 |
a denial-of-service attack. |
| 20 |
|
| 21 |
A bug in the server implementation of RTSP-over-HTTP could allow a |
| 22 |
buffer overflow, which could result in the execution of arbitrary code |
| 23 |
when parsing a malformed RTSP stream (CVE-2018-4013). |
| 24 |
|
| 25 |
The flv_write_packet function in libavformat/flvenc.c in FFmpeg through |
| 26 |
3.3.8 does not check for an empty audio packet, leading to an assertion |
| 27 |
failure (CVE-2018-15822). |
| 28 |
|
| 29 |
The live package has been updated to version 2018.11.26, the ffmpeg |
| 30 |
package has been updated to version 3.3.9, and the vlc package has been |
| 31 |
updated to version 3.0.5, fixing these issues and other bugs. |
| 32 |
|
| 33 |
The mplayer package has been rebuilt against the update live package to |
| 34 |
fix the RTSP-over-HTTP issues in mplayer. |
| 35 |
references: |
| 36 |
- https://bugs.mageia.org/show_bug.cgi?id=24071 |
| 37 |
- http://live555.com/liveMedia/public/changelog.txt |
| 38 |
- https://www.videolan.org/developers/vlc-branch/NEWS |
| 39 |
- https://www.debian.org/security/2018/dsa-4343 |
| 40 |
ID: MGASA-2019-0029 |
Parent Directory
| 
Revision Log