{"id":"MGASA-2021-0313","summary":"Updated live packages fix security vulnerabilities","details":"Updated live packages fix security vulnerabilities:\n\nLive555 before 2019.08.16 has a Use-After-Free because\nGenericMediaServer::createNewClientSessionWithId can generate the same client\nsession ID in succession, which is mishandled by the MPEG1or2 and Matroska\nfile demultiplexors (CVE-2019-15232).\n\nVulnerability in the AC3AudioFileServerMediaSubsession,\nADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive\nOnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media\nbefore 2021.3.16 (CVE-2021-28899).\n\nThe mplayer package has been rebuilt against the updated live package.\n","modified":"2026-02-04T04:36:17.868459Z","published":"2021-07-04T02:13:55Z","related":["CVE-2019-15232","CVE-2021-28899"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0313.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29175"},{"type":"REPORT","url":"http://lists.live555.com/pipermail/live-devel/2021-March/021891.html"},{"type":"REPORT","url":"http://live555.com/liveMedia/public/changelog.txt"},{"type":"REPORT","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Y7ZOGH7UAC6Q7OJHR62KOMWS64YF4G73/"}],"affected":[{"package":{"name":"live","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/live?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2021.06.25-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0313.json"}},{"package":{"name":"mplayer","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/mplayer?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4-1.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0313.json"}},{"package":{"name":"mplayer","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/mplayer?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4-1.1.mga7.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0313.json"}},{"package":{"name":"live","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/live?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2021.06.25-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0313.json"}},{"package":{"name":"mplayer","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/mplayer?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4-9.3.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0313.json"}},{"package":{"name":"mplayer","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/mplayer?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4-9.3.mga8.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0313.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}