
[SECURITY] [DLA 393-1] srtp security update




Package        : srtp
Version        : 1.4.4~dfsg-6+deb6u2
CVE ID         : CVE-2015-6360

Prevent potential DoS attack due to lack of bounds checking on RTP header CSRC count and extension header length. Credit goes to Randell Jesup and the Firefox team for reporting this issue.

(As there is no AEAD mode available in the Squeeze version, only srtp_unprotect() needed to be patched.)
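
The kind of bounds check this update describes, as an added C example (not the libsrtp patch or Debian's code): the CSRC count and the extension header length are validated against the real packet length before the payload offset is computed. The function name `rtp_payload_offset` and the sample packets are constructed for illustration; the header layout follows RFC 3550.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Returns the payload offset, or -1 when the header fields claim more
 * bytes than the packet actually holds (layout per RFC 3550). */
long rtp_payload_offset(const uint8_t *pkt, size_t len)
{
    size_t off = 12;                     /* fixed RTP header */
    if (pkt == NULL || len < off || (pkt[0] >> 6) != 2)
        return -1;

    off += 4 * (size_t)(pkt[0] & 0x0F);  /* CSRC count: 0..15 entries, 4 bytes each */
    if (off > len)
        return -1;

    if (pkt[0] & 0x10) {                 /* X bit: extension header follows */
        if (len - off < 4)               /* need profile (2) + length (2) */
            return -1;
        size_t words = ((size_t)pkt[off + 2] << 8) | pkt[off + 3];
        off += 4;
        if (words > (len - off) / 4)     /* compare in 32-bit words */
            return -1;
        off += 4 * words;
    }
    return (long)off;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t ok_pkt[26] = {      /* CC=1, X=1, one extension word */
    0x91, 0x60, 0, 1,  0, 0, 0, 1,  0, 0, 0, 2,
    0, 0, 0, 3,  0xBE, 0xDE, 0x00, 0x01,  1, 2, 3, 4,  0xAA, 0xBB };
static const uint8_t bad_cc[12] = { 0x8F, 0x60 };   /* CC=15, no CSRC bytes */
static const uint8_t bad_ext[16] = {     /* extension length 0xFFFF words */
    0x90, 0x60, 0, 2,  0, 0, 0, 1,  0, 0, 0, 2,  0xBE, 0xDE, 0xFF, 0xFF };

int main(void)
{
    printf("ok_pkt  -> %ld\n", rtp_payload_offset(ok_pkt, sizeof ok_pkt));
    printf("bad_cc  -> %ld\n", rtp_payload_offset(bad_cc, sizeof bad_cc));
    printf("bad_ext -> %ld\n", rtp_payload_offset(bad_ext, sizeof bad_ext));
    return 0;
}
```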

