
[SECURITY] [DSA 3156-1] liblivemedia security update

Posted on 07 February 2015
Debian Security Advisory

-------------------------------------------------------------------------
Debian Security Advisory DSA-3156-1                   security@debian.org
http://www.debian.org/security/                        Alessandro Ghedini
February 07, 2015                      http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : liblivemedia
CVE ID : CVE-2013-6933

A vulnerability was found in liveMedia, a set of C++ libraries for
multimedia streaming. RTSP messages starting with whitespace were assumed
to have a zero length, triggering an integer underflow, infinite loop,
and then a buffer overflow. This could allow remote attackers to cause a
denial of service (crash) or arbitrary code execution via crafted RTSP
messages.

The packages vlc and mplayer have also been updated to reflect this
improvement.

For the stable distribution (wheezy), this problem has been fixed in
liblivemedia version 2012.05.17-1+wheezy1, vlc version 2.0.3-5+deb7u2+b1,
and mplayer version 2:1.0~rc4.dfsg1+svn34540-1+deb7u1.

For the upcoming stable distribution (jessie), this problem has been
fixed in liblivemedia version 2014.01.13-1.

For the unstable distribution (sid), this problem has been fixed in
liblivemedia version 2014.01.13-1.

We recommend that you upgrade your liblivemedia, vlc, and mplayer
packages.

Further information about Debian Security Advisories, how to apply these
updates to your system and frequently asked questions can be found at:
https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

 
