[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 2840-1] srtp security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2840-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
January 10, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : srtp
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2139
Debian Bug     : 711163

  Fernando Russ from Groundworks Technologies reported a buffer overflow
  flaw in srtp, Cisco's reference implementation of the Secure Real-time
  Transport Protocol (SRTP), in how the
  crypto_policy_set_from_profile_for_rtp() function applies
  cryptographic profiles to an srtp_policy. A remote attacker could
  exploit this vulnerability to crash an application linked against
  libsrtp, resulting in a denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 1.4.4~dfsg-6+deb6u1.

For the stable distribution (wheezy), this problem has been fixed in
version 1.4.4+20100615~dfsg-2+deb7u1.

For the testing distribution (jessie), this problem has been fixed in
version 1.4.5~20130609~dfsg-1.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.5~20130609~dfsg-1.

We recommend that you upgrade your srtp packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJS0DBmAAoJEAVMuPMTQ89EDZoP+wX3KQU/9dnk67ngLC9c9asr
/i/zUaerW5rDG/pQkf94VAER+qac0TMZXN17bZzEvoui02lYU/kcSqNrmWx02J1C
+nzi3X8+BwcZcZnUYbpv4681iJDKOOcEsM8pNvQjavhiNHF78wL1QNstbMbv/HHT
EB8Q+eP4EJOmYwnHthOeT8yeDMQMlpsGtdXShvJe/LphtFBZn9WqPNnvoQiI0kVo
b2yWLtS+7UdeWSEgChoKnBx7pUVR/Eyyl9ncuHA3qNc1wWrIWAGVIanqHN5GJl07
KTwYn+dPrln/YabbhZASwU7Re8tSARN/mFbvT74xqjJ91EgTyHY82N0G0XAo0wxb
XCnOfN9oWsO1Fr6W1VnQyJ795wLxlAm02TT7gj/So17WM9MK6Xy5Fx7a/PwUwz8T
EqoB6xuZLdlVzGc8GeDL80sBhZ4VGgrjC7dxhTMfyU7tDCvrxaHeuDtAbGrEZIb8
VTVPyN/vB3kCCEyRWWoY2q6GWH21iRNGLhKRoqb4zsMebwFBsfWYaGiL5sGyATzD
YmgT5Q0HfoTboQBfHSzZRHDNWFBVUOfY64Ut8QSiE7hFySjxrNqxctNt1OQEZZGZ
juMCd5GrXRnfkIPS/iIHoNWcg5YCjc1pEI/MbeSSQXA75zJI/HVOKJUSm6uTQ7Ar
xumHO0//mQ8zM/zWYSSG
=6Cvs
-----END PGP SIGNATURE-----


Reply to: