Security update for live555 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:0944-1 Final 1 1 2020-07-06T22:29:21Z current 2020-07-06T22:29:21Z 2020-07-06T22:29:21Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for live555 This update for live555 fixes the following issues: - CVE-2019-9215: Malformed headers could have lead to invalid memory access in the parseAuthorizationHeader function. (boo#1127341) - CVE-2019-7314: Mishandled termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up could have lead to a Use-After-Free error causing the RTSP server to crash or possibly have unspecified other impact. (boo#1124159) - Update to version 2019.06.28, - Convert to dynamic libraries (boo#1121995): + Use make ilinux-with-shared-libraries: build the dynamic libs instead of the static one. + Use make install instead of a manual file copy script: this also reveals that we missed quite a bit of code to be installed before. + Split out shared library packages according the SLPP. - Use FAT LTO objects in order to provide proper static library. This update was imported from the openSUSE:Leap:15.1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-944 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ENQ5DUN3ILG4CZW4WOQ2PFJWBTZP6DDV/ E-Mail link for openSUSE-SU-2020:0944-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1121995 SUSE Bug 1121995 https://bugzilla.suse.com/1124159 SUSE Bug 1124159 https://bugzilla.suse.com/1127341 SUSE Bug 1127341 https://www.suse.com/security/cve/CVE-2019-7314/ SUSE CVE CVE-2019-7314 page https://www.suse.com/security/cve/CVE-2019-9215/ SUSE CVE CVE-2019-9215 page openSUSE Leap 15.2 libBasicUsageEnvironment1-2019.06.28-lp152.3.3.1 libUsageEnvironment3-2019.06.28-lp152.3.3.1 libgroupsock8-2019.06.28-lp152.3.3.1 libliveMedia66-2019.06.28-lp152.3.3.1 live555-2019.06.28-lp152.3.3.1 live555-devel-2019.06.28-lp152.3.3.1 libBasicUsageEnvironment1-2019.06.28-lp152.3.3.1 as a component of openSUSE Leap 15.2 libUsageEnvironment3-2019.06.28-lp152.3.3.1 as a component of openSUSE Leap 15.2 libgroupsock8-2019.06.28-lp152.3.3.1 as a component of openSUSE Leap 15.2 libliveMedia66-2019.06.28-lp152.3.3.1 as a component of openSUSE Leap 15.2 live555-2019.06.28-lp152.3.3.1 as a component of openSUSE Leap 15.2 live555-devel-2019.06.28-lp152.3.3.1 as a component of openSUSE Leap 15.2 liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact. CVE-2019-7314 openSUSE Leap 15.2:libBasicUsageEnvironment1-2019.06.28-lp152.3.3.1 openSUSE Leap 15.2:libUsageEnvironment3-2019.06.28-lp152.3.3.1 openSUSE Leap 15.2:libgroupsock8-2019.06.28-lp152.3.3.1 openSUSE Leap 15.2:libliveMedia66-2019.06.28-lp152.3.3.1 openSUSE Leap 15.2:live555-2019.06.28-lp152.3.3.1 openSUSE Leap 15.2:live555-devel-2019.06.28-lp152.3.3.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ENQ5DUN3ILG4CZW4WOQ2PFJWBTZP6DDV/ https://www.suse.com/security/cve/CVE-2019-7314.html CVE-2019-7314 https://bugzilla.suse.com/1124159 SUSE Bug 1124159 In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function. CVE-2019-9215 openSUSE Leap 15.2:libBasicUsageEnvironment1-2019.06.28-lp152.3.3.1 openSUSE Leap 15.2:libUsageEnvironment3-2019.06.28-lp152.3.3.1 openSUSE Leap 15.2:libgroupsock8-2019.06.28-lp152.3.3.1 openSUSE Leap 15.2:libliveMedia66-2019.06.28-lp152.3.3.1 openSUSE Leap 15.2:live555-2019.06.28-lp152.3.3.1 openSUSE Leap 15.2:live555-devel-2019.06.28-lp152.3.3.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ENQ5DUN3ILG4CZW4WOQ2PFJWBTZP6DDV/ https://www.suse.com/security/cve/CVE-2019-9215.html CVE-2019-9215 https://bugzilla.suse.com/1127341 SUSE Bug 1127341