Gentoo alert 202407-23 (LIVE555 Media Server)
| From: | glsamaker@gentoo.org | |
| To: | gentoo-announce@lists.gentoo.org | |
| Subject: | [gentoo-announce] [ GLSA 202407-23 ] LIVE555 Media Server: Multiple Vulnerabilities | |
| Date: | Tue, 09 Jul 2024 13:10:26 -0000 | |
| Message-ID: | <172053062695.7.14247400418526409239@3f85d36892cf> |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202407-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: LIVE555 Media Server: Multiple Vulnerabilities Date: July 09, 2024 Bugs: #732598, #807622 ID: 202407-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in LIVE555 Media Server, the worst of which could lead to a denial of service. Background ========== LIVE555 Media Server is a set of libraries for multimedia streaming. Affected packages ================= Package Vulnerable Unaffected ------------------ ------------ ------------- media-plugins/live < 2021.08.24 >= 2021.08.24 Description =========== Multiple vulnerabilities have been discovered in LIVE555 Media Server. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All LIVE555 Media Server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-plugins/live-2021.08.24" References ========== [ 1 ] CVE-2020-24027 https://nvd.nist.gov/vuln/detail/CVE-2020-24027 [ 2 ] CVE-2021-38380 https://nvd.nist.gov/vuln/detail/CVE-2021-38380 [ 3 ] CVE-2021-38381 https://nvd.nist.gov/vuln/detail/CVE-2021-38381 [ 4 ] CVE-2021-38382 https://nvd.nist.gov/vuln/detail/CVE-2021-38382 [ 5 ] CVE-2021-39282 https://nvd.nist.gov/vuln/detail/CVE-2021-39282 [ 6 ] CVE-2021-39283 https://nvd.nist.gov/vuln/detail/CVE-2021-39283 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202407-23 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmaNNsIACgkQFMQkOaVy +9nmLxAAqxSobP6BMzy9pfWM3cKjmtZ1PwKAJpu2ieBWLSCO0O2wosbGPNh8MSpC /hf/O+LYNuXg5OxEOj7RWjvxiK93GQH1rIuVsZDJ5UNKWMyppky/T4OomShGaSly hORJF9eY9wXmfZWPUs/sRORsDLkB1ZOH+9yNTh2wGU3wS3M3JKOKBq/bR0RFhpim QBmW2GRSMRDwnP5Reu27kVwAYTW1uGe6qjB/aFBuWnxtjUciZlZePLJQSrfH6t7S 3DFLgyY+W/GpezcJOs1/Imx430F85xpNdo23zDwflpQ3Z40NiSCu4vLB9h2jdtof oU3J9zvrpQ/WNtZE8OAShpebSAecHPG8DTjEE6zyEbpftpogtdS4CmnTNKG33k5T FoRQClPmDTAEXYrIKV5324rOnd7ydiuv8rKNGW1A+vth3YIlAAsG5CyQrjIoGoPe ha++3043zxv7KyXUepfwXZgxouUJ2/CBIL3L0z/VulibCm9CZrBT1/pKlM94NqqA K4DiavIB/OGjeJKrMs/kuArn8EfT0ZgbMsmo1DDhbmRHLdas0NP8sgDXn8UuYrMf DPzrjw6zHN+Olu1EicEj7fDUFeS3eBaxwZYWPL0GYsyWc+9P7STaRR4Gm1LDK+6H 43vw4l4YWElXeEId4YDpERAZ4/GpQGv+qoy+cm4AoI+aeoLBoxk= =3wCP -----END PGP SIGNATURE-----