Opened 16 years ago

Closed 16 years ago

Last modified 16 years ago

#5030 closed defect (fixed)

CVE-2007-6036 denial of service security bug in liveMedia

Reported by: Erik Hovland <erik@…> Owned by: Isaac Richards
Priority: minor Milestone: 0.21.1
Component: mythtv Version: 0.21-fixes
Severity: medium Keywords:
Cc: Ticket locked: no

Description

The liveMedia library has a bug in the RTSP code that makes it possible to cause a denial of service in applications that use the library. This is reported in CVE-2007-6036.

The latest version of liveMedia includes the fix. But that is probably way too much churning for a stable branch. So I am including a much smaller patch which fixes just the things associated to the security flaw.

Attachments (1)

libs_libmythlivemedia_cve-2007-6036.patch (2.8 KB) - added by Erik Hovland <erik@…> 16 years ago.
backport of the DoS fix from liveMedia 2008-02-08 tarball

Download all attachments as: .zip

Change History (3)

Changed 16 years ago by Erik Hovland <erik@…>

Attachment: libs_libmythlivemedia_cve-2007-6036.patch added

backport of the DoS fix from liveMedia 2008-02-08 tarball

comment:1 Changed 16 years ago by Janne Grunau

Resolution: fixed
Status: newclosed

(In [16837]) Fix CVE-2007-6036 denial of service security bug in liveMedia. Closes #5030

From: Erik Hovland <erik@…>

denial of service attack discovered by Luigi Auriemma

comment:2 Changed 16 years ago by Janne Grunau

(In [16838]) Merges revision [16837] from trunk: Fix CVE-2007-6036 denial of service security bug in liveMedia. Closes #5030

From: Erik Hovland <erik@…>

denial of service attack discovered by Luigi Auriemma

Note: See TracTickets for help on using tickets.