Univention Bugzilla – Bug 48207
liblivemedia: Multiple issues (4.2)
Last modified: 2018-11-28 12:29:37 CET
New Debian liblivemedia 2014.01.13-1+deb8u1 fixes:

This update addresses the following issue:

* An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. (CVE-2018-4013)
--- mirror/ftp/4.2/unmaintained/4.2-0/source/liblivemedia_2014.01.13-1.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/liblivemedia_2014.01.13-1+deb8u1.dsc @@ -1,3 +1,9 @@ +2014.01.13-1+deb8u1 [Tue, 20 Nov 2018 16:12:02 +0100] Hugo Lefeuvre <hle@debian.org>: + + * Non-maintainer upload by the LTS Team. + * CVE-2018-4013: stack-based buffer overflow in the HTTP packet-parsing + functionality, potentially resulting in code execution. + 2014.01.13-1 [Mon, 13 Jan 2014 23:50:32 +0100] Benjamin Drung <bdrung@debian.org>: * Team upload. <http://10.200.17.11/4.2-5/#6456292242817092449>
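Review bot: the added 2014.01.13-1+deb8u1 changelog entry names CVE-2018-4013 and the bug class, but not the patch file or the source function that carries the fix, so this diff alone does not let a reader confirm that the backport is actually applied to the 2014.01.13 tree. Suggest extending the "CVE-2018-4013:" bullet with the patch file name and the affected function, so the errata can be audited against the source package.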
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.2-5] c819f82a39 Bug #48207: liblivemedia 2014.01.13-1+deb8u1
 doc/errata/staging/liblivemedia.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
<http://errata.software-univention.de/ucs/4.2/553.html>