Errata ID | 13 |
---|---|
Date | 2019-03-27 |
Source package | liblivemedia |
Fixed in version | 2016.11.28-1+deb9u2 |
Description | This update addresses the following issues: * A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp. (CVE-2019-6256) * liblivemedia mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact. (CVE-2019-7314) * In Live555, malformed headers lead to invalid memory access in the parseAuthorizationHeader function. (CVE-2019-9215) |
Additional notes | |
CVE ID | CVE-2019-6256, CVE-2019-7314, CVE-2019-9215 |
UCS Bug number | #49022 |