[Live-devel] New "LIVE555 Streaming Media" version released - patches potential security vulnerability for some RTSP servers
Ross Finlayson
finlayson at live555.com
Tue Mar 16 00:03:35 PDT 2021
I have just installed a new version (2021.03.16) of the “LIVE555 Streaming Media” code that fixes the bug (a potential security vulnerability) that Zhao Jiaxu reported yesterday.
If your code implements a RTSP server that uses one or more of the following "OnDemandServerMediaSubsession” subclasses:
AC3AudioFileServerMediaSubsession
ADTSAudioFileServerMediaSubsession
AMRAudioFileServerMediaSubsession
then you should upgrade to the latest version of the code ASAP. (This includes the “testOnDemandRTSPServer” demo application. Note, however, that the "DynamicRTSPServer" code used by the "LIVE555 Media Server" is not vulnerable to this bug.)
Ross Finlayson
Live Networks, Inc.
http://www.live555.com/
More information about the live-devel
mailing list