An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.
This affects versions earlier than 2018.10.17
CVSSv3 Score: 10.0
More information can be found at:
status: need to determine if the ABI needs a bump.
The bug has been referenced in the following commit(s):
Author: Sam James (sam_c) <email@example.com>
AuthorDate: 2020-03-25 03:22:33 +0000
Commit: Joonas Niilola <firstname.lastname@example.org>
CommitDate: 2020-03-31 08:38:58 +0000
media-plugins/live: Security bump to 2020.03.06
* Decided to bump to the latest while there.
* Adds an optional ssl dependency.
* Bumps from EAPI 5 => 7
Signed-off-by: Sam James (sam_c) <email@example.com>
Signed-off-by: Joonas Niilola <firstname.lastname@example.org>
media-plugins/live/Manifest | 1 +
media-plugins/live/files/config.gentoo-so-r3 | 17 +++++
media-plugins/live/live-2020.03.06.ebuild | 100 +++++++++++++++++++++++++++
3 files changed, 118 insertions(+)
@maintainer(s), please advise if ready for stabilisation, or call yourself
Unable to check for sanity:
> disallowed package spec (only = allowed): media-plugins/live
Unable to check for sanity:
> no match for package: =media-plugins/live-2020.30.06
In Live555 before 2019.02.27, malformed headers lead to invalid memory
access in the parseAuthorizationHeader function.
Maybe remove the vulnerable versions too:
live-2017.10.28.ebuild live-2018.01.29.ebuild live-2018.07.07.ebuild
would be bad to let users keep on using those versions.
(In reply to J.O. Aho from comment #7)
> Maybe remove the vulnerable versions too:
> live-2017.10.28.ebuild live-2018.01.29.ebuild live-2018.07.07.ebuild
> would be bad to let users keep on using those versions.
We always cleanup after stabilisation if necessary, don't worry.
A Denial of Service issue was discovered in the LIVE555 Streaming Media
libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer
crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is
supported, via x-sessioncookie HTTP headers in a GET request and a POST
request within the same TCP session. This occurs because of a call to an
incorrect virtual function pointer in the readSocket function in
Live555 before 2019.08.16 has a Use-After-Free because
GenericMediaServer::createNewClientSessionWithId can generate the same
client session ID in succession, which is mishandled by the MPEG1or2 and
Matroska file demultiplexors.
dropped to ~sparc
Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
This issue was resolved and addressed in
GLSA 202005-06 at https://security.gentoo.org/glsa/202005-06
by GLSA coordinator Thomas Deutschmann (whissi).