MGASA-2019-0121

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0121.html

Import Source

https://advisories.mageia.org/MGASA-2019-0121.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2019-0121

Related

Published

2019-03-29T15:51:06Z

Modified

2026-01-31T06:51:25.183280Z

Summary

Updated live, mplayer, vlc packages fix security vulnerability

Details

The updated live, mplayer, vlc packages fix security vulnerabilities:

liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact. (CVE-2019-7314)

In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function. (CVE-2019-9215)

Mplayer and VLC has been rebuilt against new live packages.

Also, VLC has been updated to version 3.0.6.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / live

Package

Name: live
Purl: pkg:rpm/mageia/live?arch=source&distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2019.03.06-1.mga6

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2019-0121.json"

Mageia:6 / mplayer

Package

Name: mplayer
Purl: pkg:rpm/mageia/mplayer?arch=source&distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.0-14.mga6

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2019-0121.json"

Mageia:6 / vlc

Package

Name: vlc
Purl: pkg:rpm/mageia/vlc?arch=source&distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.6-1.mga6

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2019-0121.json"

Mageia:6 / mplayer

Package

Name: mplayer
Purl: pkg:rpm/mageia/mplayer?arch=source&distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.0-14.mga6.tainted

Ecosystem specific

{
    "section": "tainted"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2019-0121.json"

Mageia:6 / vlc

Package

Name: vlc
Purl: pkg:rpm/mageia/vlc?arch=source&distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.6-1.mga6.tainted

Ecosystem specific

{
    "section": "tainted"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2019-0121.json"