Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-26566: Releases · Motion-Project/motion

A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request.

CVE
#sql#web#dos#js#c++#auth#ibm#ssl

Release 4.5.1

Release Notes: 4.5.1

The documentation for the 4.5.1 release can be found in the Motion 4.5.1 Guide

The following summarizes the changes implemented in version 4.5.1

  • Fixes
    • Fix closing of v4l2 devices
    • Fix creation of pid file
    • Add check for some mmal headers
    • Fix pause when used as command line option
    • Fix json pages when there are multiple cameras
    • Fix codec for the mpeg4 container
    • Fix rotation when used for v4l2 devices

Release 4.5.0

Release Notes: 4.5.0

The documentation for the 4.5.0 release can be found in the Motion 4.5.0 Guide

The following summarizes the changes implemented in version 4.5.0

  • Fixes

    • Fix processing for native_language config option
    • Fix MariaDB pkg-config for new name
    • Fix cleanup when v4l2 open fails
    • Fix sending of stale images to stream
    • Fix path used when checking headers
    • Fix double free when using extpipe.
    • Fix setting of controls for v4l2 devices
    • Fix processing for v4l2 devices when stride is not width
    • Fix parsing of PGM files
    • Fix scale of text when in debug mode
    • Fix processing when camera is not initially available
    • Fix double free when camera is lost frequently.
    • Fix close on exec methods
    • Fix processing for preferred codec with new ffmpeg versions
    • Fix snapshots when using netcam high
    • Fix extra event triggered upon quit
  • Enhancements/Revisions

    • Updated translations
    • Remove shared handle processing for sqlite3
    • Revise log level for some messages
    • Remove unused include module.
    • Remove unused H264 palette code
    • Do not translate the ignoring IP alert message
    • Better processing of netcams that provide single jpg image
    • Update documentation on how to use PI camera via libcamerify
    • Update documentation on maximum number of cameras shown on web control page.
  • New Configuration Options

    • Replace dbeventid with eventid

Release 4.4.0

Release Notes: 4.4.0

The documentation for the 4.4.0 release can be found in the Motion 4.4.0 Guide

The following summarizes the changes implemented in version 4.4.0

  • Fixes

    • Use default for non ASCII characters in drawing
    • Maximum movie time
    • Guide updates
  • Enhancements

    • Updated translations
    • Lockout on failed authentications
    • Hardware decoding for some network cameras
    • User specification of ffmpeg options for network cameras
    • Change default processing for http cameras.
  • New Configuration Options

    • watchdog_tmo
    • watchdog_kill
    • pause
    • webcontrol_lock_minutes
    • webcontrol_lock_attempts
    • webcontrol_lock_max_ips
  • Renamed Configuration Options

    • vid_control_params -> video_params
    • mmalcam_control_params -> mmalcam_params
  • Changed Configuration Options

    • v4l2_palette use video_params
    • input use video_params
    • norm use video_params
    • frequency use video_params
    • netcam_highres use netcam_high_params
    • netcam_keepalive use netcam_params
    • netcam_proxy use netcam_params
    • netcam_tolerant_check use netcam_params
    • netcam_use_tcp use netcam_params
    • netcam_decoder use netcam_params
    • webcontrol_cors_header use webcontrol_header_params
    • stream_cors_header use stream_header_params

Release 4.3.2

Release Notes: 4.3.2

The documentation for the 4.3.2 release can be found in the Motion 4.3.2 Guide

The following summarizes the changes implemented in version 4.3.2

  • Fixes
    • Compiler warnings for newer distos.
    • Use MHD function for url decoding

Release 4.3.1

Release Notes: 4.3.1

The documentation for the 4.3.1 release can be found in the Motion 4.3.1 Guide

The following summarizes the changes implemented in version 4.3.1

  • Fixes
    • Compiler errors with GCC 10
    • Overrides to CFLAGS
    • Add maintainer mode
    • Segfault when invalid camera directory specified
    • MariaDB initializations
    • Updated guide

Release 4.3.0

Release Notes: 4.3.0

The documentation for the 4.3.0 release can be found in the Motion 4.3.0 Guide

The following summarizes the changes implemented in version 4.3.0

  • Fixes

    • Use default for non ASCII characters in drawing
    • Removed poll requirement for MHD
    • Implement revised configure and automake
    • Updated testing for travis
    • Revise MMAL to handle revisions from upstream.
    • Fix movie start times
    • Set the FPS on v4l2 devices
    • Consolidate the JPEG code processing
    • Fix substream processing for non modulo 16
    • Ignore invalid data sent from rtsp cameras.
    • Adjust the netcam handler wait and processing
    • Answer incorrect web requests.
    • Implement a delay upon excessive reconnect attempts
    • Fix filetype specified for snapshots
    • Guide updates
    • Fix vbr calculation for high frame rates
  • Enhancements

    • Updated translations
    • Implement revised directory structure
    • Implement optional decoder and encoders
    • Allow for distros that use videoio.h
    • Revise and enhance the sample service file
    • Output to the log the resulting ext pipe command
  • New Configuration Options

    • netcam_decoder

Release 4.2.2

Release Notes: 4.2.2

The documentation for the 4.2.2 release can be found in the Motion 4.2.2 Guide

The following summarizes the changes implemented in version 4.2.2

  • Fixes
    • FreeBSD Compile
    • Webcontrol quit/end
    • Add stream_motion option
    • Generic tracking option
    • Delay stream when starting
    • Hostname for IPV6
    • Multiple source streams when using passthrough
    • Guide update

Release 4.2.1

Release Notes: 4.2.1

The documentation for the 4.2.1 release can be found in the Motion 4.2.1 Guide

The following summarizes the changes implemented in version 4.2.1

  • Fixes
    • Stream rate calculations
    • Static library linking
    • Eliminate updates to movie_passthrough via webcontrol
    • Thread locking for movie_passthrough
    • NULL terminator for EXIF
    • Revised logging messages
    • Guide update for mobile

Release 4.2

Release Notes: 4.2

The documentation for the 4.2 release can be found in the Motion 4.2 Guide

The following summarizes the changes implemented in version 4.2

  • New Configuration Options:
    • lightswitch_frames
    • movie_passthrough
    • native_language
    • sql_query_stop
    • stream_cors_header
    • stream_grey
    • stream_preview_method
    • stream_tls
    • threshold_maximum
    • track_generic_move
    • vid_control_params
    • webcontrol_auth_method
    • webcontrol_cert
    • webcontrol_cors_header
    • webcontrol_key
    • webcontrol_tls
  • Renamed Configuration Options (old name -> new name)
    • lightswitch -> lightswitch_percent
    • logfile -> log_file
    • ffmpeg_bps -> movie_bps
    • ffmpeg_video_codec -> movie_codec
    • ffmpeg_duplicate_frames -> movie_duplicate_frames
    • extpipe -> movie_extpipe
    • use_extpipe -> movie_extpipe_use
    • max_movie_time -> movie_max_time
    • ffmpeg_output_movies -> movie_output
    • ffmpeg_output_debug_movies -> movie_output_motion
    • ffmpeg_variable_bitrate -> movie_quality
    • rtsp_uses_tcp -> netcam_use_tcp
    • exif_text -> picture_exif
    • output_pictures -> picture_output
    • output_debug_pictures -> picture_output_motion
    • quality -> picture_quality
    • process_id_file -> pid_file
    • switchfilter -> roundrobin_switchfilter
    • text_double -> text_scale
    • ffmpeg_timelapse_mode -> timelapse_mode
    • motion_video_pipe -> video_pipe_motion
    • webcontrol_html_output -> webcontrol_interface
    • ipv6_enabled -> webcontrol_ipv6
  • Depreciated Configuration Options
    • brightness (use vid_control_params)
    • contrast (use vid_control_params)
    • hue (use vid_control_params)
    • power_line_frequency (use vid_control_params)
    • saturation (use vid_control_params)
    • stream_limit
    • stream_motion
    • substream_port
  • Revised functionality
    • Distributed configuration files only have a subset of the options (see guide)
    • Passthrough movie recording for many IP cameras
    • All vl42 control parameters for camera can be set via the vid_control_parms
    • Significant changes to webcontrol interface and streams (see guide)
    • Additional conversion specifiers
    • Functionality for generic tracking cameras
    • Additional scaling for text on images
    • Multiple language support
  • Fixes
    • 422p palette support
    • ppm file output
    • image capture timing for network cameras
    • various other bug fixes
  • Known Issues:
    • Shutdown when out of space (#605)
  • Updates to documentation
    • Additional building instructions
  • Updates to required libraries
    • Additional requirement for libmicrohttpd (mandatory)
    • Optional gettext for native language support
    • Additional requirement for webp (disable with the --without-webp configuration option)

Release 4.1.1

Release Notes: 4.1.1

The documentation for the 4.1.1 release can be found in the Motion 4.1.1 Guide

The following summarizes the changes for 4.1.1

  • Fixes:
    • Build on musl based systems
    • jpeg decompression error processing
    • image saving when using highres option
    • filename for debug movie correction

Related news

Gentoo Linux Security Advisory 202208-18

Gentoo Linux Security Advisory 202208-18 - A vulnerability in Motion allows a remote attacker to cause denial of service. Versions less than 4.3.2 are affected.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907