openSUSE Security Update : live555 (openSUSE-2019-58)
High Nessus Plugin ID 121285
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update fixes two security issues in live555 :
- CVE-2018-4013: Remote code execution vulnerability (bsc#1114779)
- CVE-2019-6256: Denial of Service issue with RTSP-over-HTTP tunneling via x-sessioncookie HTTP headers (boo#1121892)
This library is statically linked into VLC. However VLC is not affected because it only uses the live555 library to implement the RTSP client.
SolutionUpdate the affected live555 package.