-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3156-1 security@debian.org http://www.debian.org/security/ Alessandro Ghedini February 07, 2015 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : liblivemedia CVE ID : CVE-2013-6933 A vulnerability was found in liveMedia, a set of C++ libraries for multimedia streaming. RTSP messages starting with whitespace were assumed to have a zero length, triggering an integer underflow, infinite loop, and then a buffer overflow. This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution via crafted RTSP messages. The packages vlc and mplayer have also been updated to reflect this improvement. For the stable distribution (wheezy), this problem has been fixed in liblivemedia version 2012.05.17-1+wheezy1, vlc version 2.0.3-5+deb7u2+b1, and mplayer version 2:1.0~rc4.dfsg1+svn34540-1+deb7u1. For the upcoming stable distribution (jessie), this problem has been fixed in liblivemedia version 2014.01.13-1. For the unstable distribution (sid), this problem has been fixed in liblivemedia version 2014.01.13-1. We recommend that you upgrade your liblivemedia, vlc, and mplayer packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJU1iZ6AAoJEG7C3vaP/jd0MCcP/27ObP4bPSLUYrCVG+/x0v/1 vtuW4ZlazfmT2EO7oz47Td6VAYdym90CF7NasCLHZaueJdTYG71cVsLxWe1NuzZ5 TWL81pM6ff0+b4D0Tj50SFzExMeIG6rqcUYPK1Sq9r3Eww4CBKG3Dxhyz4xva3ZJ tospDb5zVDSqGXkeBIpY5om15k8FGc+C6YKuyBbWaTsCSISo4m3/NYAJvlqvPiry Xy3hgpW6mYsemB6ooGWwSK3zU1NVB4dr9Wjv1aFBa2Ar4JTlt2Zz5sqBsRGXuvCV QVjB+bL/b4C5gP6iJC14OppJqEL2lLwzlYPT9UVmv6nLvwRSPAqAFOAexzk2EIqU LKs2edQF5HBrxQuvtD3DJcUX88C5/v+A8TYHXEISLdQmaKjF5NWP/ihpWJqocSYB d3tT2sP0RhthVFIWu5ybZlBZ1T25cTMnaLGCObKDWstNJ8ZJLoSdsqM6Aki8OVka uVdHvTQhMUh7u2Kx0rQ25B17GRIp+zvA5uNIFk/6SZBA4BR4RDoELMGcepjuTvVn REEJ1NlQmXrR1Lmr6mVz+JlTDIY4tMN4B7XNxI43PoLsiEhwPo6V5eC44B3oJo+O mPx6dJsXIe10VTxOfE26Im9Hwkg+uh41Jzoeji7kyK9bxpfWpjwgqkfzupmyoygE ZIO4G908tuyRPIPs1vdx =Lhkt -----END PGP SIGNATURE-----