Re: [Live-devel] New "LIVE555 Streaming Media" version released - patches potential security vulnerability for some RTSP servers

Tue, 16 Mar 2021 19:46:45 -0700 

Hi Ross,

We try to upgrade live555 to 2021.03.16, and when we run it on our device
./testOnDemandRTSPServer
"mpeg4ESVideoTest" stream, from the file "test.m4e"
Play this stream using the URL
Segmentation fault

We build same version on PC and run it
./testOnDemandRTSPServer

"mpeg4ESVideoTest" stream, from the file "test.m4e"
Play this stream using the URL "rtsp://172.31.5.204:8554/mpeg4ESVideoTest"

"h264ESVideoTest" stream, from the file "test.264"
Play this stream using the URL "rtsp://172.31.5.204:8554/h264ESVideoTest"

Any special kernel options need to be support?
Please help. Thanks.

"live-devel 代表 Ross Finlayson" <live-devel-boun...@us.live555.com 代表 
finlay...@live555.com> 於 2021/3/16 下午3:11 寫道:

    This message was sent from outside of the company. Please do not click 
links or open attachments unless you recognize the source of this email and 
know the content is safe.


    I have just installed a new version (2021.03.16) of the “LIVE555 Streaming 
Media” code that fixes the bug (a potential security vulnerability) that Zhao 
Jiaxu reported yesterday.

    If your code implements a RTSP server that uses one or more of the 
following "OnDemandServerMediaSubsession” subclasses:
            AC3AudioFileServerMediaSubsession
            ADTSAudioFileServerMediaSubsession
            AMRAudioFileServerMediaSubsession
    then you should upgrade to the latest version of the code ASAP.  (This 
includes the “testOnDemandRTSPServer” demo application.  Note, however, that 
the "DynamicRTSPServer" code used by the "LIVE555 Media Server" is not 
vulnerable to this bug.)


    Ross Finlayson
    Live Networks, Inc.
    
https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.live555.com%2F&amp;data=04%7C01%7Ceric.hsieh%40liteon.com%7Ceb2781ac6bed4f25e2e808d8e84aaec4%7C5a7a259b6730404bbc255c6c773229ca%7C0%7C0%7C637514754762123987%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=k%2BlglYrdt90UHCFRAY%2FPE8MPcIo7b%2FzH4VfmkksSJiE%3D&amp;reserved=0


    _______________________________________________
    live-devel mailing list
    live-devel@lists.live555.com
    
https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.live555.com%2Fmailman%2Flistinfo%2Flive-devel&amp;data=04%7C01%7Ceric.hsieh%40liteon.com%7Ceb2781ac6bed4f25e2e808d8e84aaec4%7C5a7a259b6730404bbc255c6c773229ca%7C0%7C0%7C637514754762133984%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=Yny2AlNW8zt1WBi6WIPuhUcrGHd2%2FdS4xkl88r4zfUo%3D&amp;reserved=0


Confidential Information:This message is sent to the intended recipient and may 
contain privileged or confidential information. If you received this 
transmission in error, please notify the sender with a replying e-mail and 
delete the message and any attachment.Transmission Caveat and Virus Alert: 
Internet communications cannot be guaranteed to be timely, secure, error or 
virus-free. The sender does not accept liability for any errors or omissions.

_______________________________________________
live-devel mailing list
live-devel@lists.live555.com
http://lists.live555.com/mailman/listinfo/live-devel

Reply via email to