[Live-devel] New "LIVE555 Streaming Media" version released - patches potential security vulnerability for some RTSP servers

Eric Hsieh Eric.Hsieh at liteon.com
Tue Mar 16 19:38:26 PDT 2021


Hi Ross,

We tried to upgrade live555 to 2021.03.16, and when we run it on our device:
./testOnDemandRTSPServer
"mpeg4ESVideoTest" stream, from the file "test.m4e"
Play this stream using the URL
Segmentation fault

We built the same version on a PC and ran it:
./testOnDemandRTSPServer

"mpeg4ESVideoTest" stream, from the file "test.m4e"
Play this stream using the URL "rtsp://172.31.5.204:8554/mpeg4ESVideoTest"

"h264ESVideoTest" stream, from the file "test.264"
Play this stream using the URL "rtsp://172.31.5.204:8554/h264ESVideoTest"

Do any special kernel options need to be supported?
Please help. Thanks.

On 2021/3/16 at 3:11 PM, "live-devel on behalf of Ross Finlayson" <live-devel-bounces at us.live555.com on behalf of finlayson at live555.com> wrote:


    I have just installed a new version (2021.03.16) of the “LIVE555 Streaming Media” code that fixes the bug (a potential security vulnerability) that Zhao Jiaxu reported yesterday.

    If your code implements an RTSP server that uses one or more of the following “OnDemandServerMediaSubsession” subclasses:
            AC3AudioFileServerMediaSubsession
            ADTSAudioFileServerMediaSubsession
            AMRAudioFileServerMediaSubsession
    then you should upgrade to the latest version of the code ASAP.  (This includes the “testOnDemandRTSPServer” demo application.  Note, however, that the "DynamicRTSPServer" code used by the "LIVE555 Media Server" is not vulnerable to this bug.)


    Ross Finlayson
    Live Networks, Inc.
    http://www.live555.com/






