[Live-devel] Fixed a serious security bug in the "LIVE555 Streaming Media" code. PLEASE UPGRADE ASAP!
Ross Finlayson
finlayson at live555.com
Tue Nov 26 13:02:09 PST 2013
The latest version - 2013.11.26 - of the "LIVE555 Streaming Media" code fixes a serious potential buffer-overflow bug in the RTSP command parsing code. This bug could potentially allow an attacker (with a malicious RTSP client or server) to cause cause arbitrary code to be executed in your own RTSP server or client.
IMPORTANT NOTE: All LIVE555-based applications that include a RTSP client or RTSP server should ***upgrade to this latest version ASAP***!
(The bug affected RTSP clients as well as RTSP servers, because RTSP clients can also receive commands.)
Many thanks to iSEC Partners <http://isecpartners.com/> for discovering and reporting this bug.
Ross Finlayson
Live Networks, Inc.
http://www.live555.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.live555.com/pipermail/live-devel/attachments/20131126/45e302e5/attachment.html>
More information about the live-devel
mailing list