Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2019-0121)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2019.0121

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2019-0121)

Resumen: The remote host is missing an update for the 'live, mplayer, vlc' package(s) announced via the MGASA-2019-0121 advisory.

Descripción: Summary:
The remote host is missing an update for the 'live, mplayer, vlc' package(s) announced via the MGASA-2019-0121 advisory.

Vulnerability Insight:
The updated live, mplayer, vlc packages fix security vulnerabilities:

liblivemedia in Live555 before 2019.02.03 mishandles the termination of an
RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to
a Use-After-Free error that causes the RTSP server to crash (Segmentation
fault) or possibly have unspecified other impact. (CVE-2019-7314)

In Live555 before 2019.02.27, malformed headers lead to invalid memory
access in the parseAuthorizationHeader function. (CVE-2019-9215)

Mplayer and VLC has been rebuilt against new live packages.

Also, VLC has been updated to version 3.0.6.

Affected Software/OS:
'live, mplayer, vlc' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-7314
Bugtraq: 20190317 [SECURITY] [DSA 4408-1] liblivemedia security update (Google Search)
https://seclists.org/bugtraq/2019/Mar/22
Debian Security Information: DSA-4408 (Google Search)
https://www.debian.org/security/2019/dsa-4408
https://security.gentoo.org/glsa/202005-06
http://lists.live555.com/pipermail/live-devel/2019-February/021143.html
http://www.live555.com/liveMedia/public/changelog.txt
https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html
SuSE Security Announcement: openSUSE-SU-2019:1797 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html
SuSE Security Announcement: openSUSE-SU-2019:1880 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html
SuSE Security Announcement: openSUSE-SU-2020:0944 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-9215
https://lists.debian.org/debian-lts-announce/2019/03/msg00022.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0121
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0121)
Resumen:	The remote host is missing an update for the 'live, mplayer, vlc' package(s) announced via the MGASA-2019-0121 advisory.
Descripción:	Summary: The remote host is missing an update for the 'live, mplayer, vlc' package(s) announced via the MGASA-2019-0121 advisory. Vulnerability Insight: The updated live, mplayer, vlc packages fix security vulnerabilities: liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact. (CVE-2019-7314) In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function. (CVE-2019-9215) Mplayer and VLC has been rebuilt against new live packages. Also, VLC has been updated to version 3.0.6. Affected Software/OS: 'live, mplayer, vlc' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-7314 Bugtraq: 20190317 [SECURITY] [DSA 4408-1] liblivemedia security update (Google Search) https://seclists.org/bugtraq/2019/Mar/22 Debian Security Information: DSA-4408 (Google Search) https://www.debian.org/security/2019/dsa-4408 https://security.gentoo.org/glsa/202005-06 http://lists.live555.com/pipermail/live-devel/2019-February/021143.html http://www.live555.com/liveMedia/public/changelog.txt https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html SuSE Security Announcement: openSUSE-SU-2019:1797 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html SuSE Security Announcement: openSUSE-SU-2019:1880 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html SuSE Security Announcement: openSUSE-SU-2020:0944 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html Common Vulnerability Exposure (CVE) ID: CVE-2019-9215 https://lists.debian.org/debian-lts-announce/2019/03/msg00022.html
Copyright	Copyright (C) 2022 Greenbone AG