lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <E1W1gBl-0005Hn-Cu@master.debian.org> Date: Fri, 10 Jan 2014 17:48:09 +0000 From: Salvatore Bonaccorso <carnil@...ian.org> To: debian-security-announce@...ts.debian.org Subject: [SECURITY] [DSA 2840-1] srtp security update -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2840-1 security@...ian.org http://www.debian.org/security/ Salvatore Bonaccorso January 10, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : srtp Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE ID : CVE-2013-2139 Debian Bug : 711163 Fernando Russ from Groundworks Technologies reported a buffer overflow flaw in srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function applies cryptographic profiles to an srtp_policy. A remote attacker could exploit this vulnerability to crash an application linked against libsrtp, resulting in a denial of service. For the oldstable distribution (squeeze), this problem has been fixed in version 1.4.4~dfsg-6+deb6u1. For the stable distribution (wheezy), this problem has been fixed in version 1.4.4+20100615~dfsg-2+deb7u1. For the testing distribution (jessie), this problem has been fixed in version 1.4.5~20130609~dfsg-1. For the unstable distribution (sid), this problem has been fixed in version 1.4.5~20130609~dfsg-1. We recommend that you upgrade your srtp packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@...ts.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJS0DBmAAoJEAVMuPMTQ89EDZoP+wX3KQU/9dnk67ngLC9c9asr /i/zUaerW5rDG/pQkf94VAER+qac0TMZXN17bZzEvoui02lYU/kcSqNrmWx02J1C +nzi3X8+BwcZcZnUYbpv4681iJDKOOcEsM8pNvQjavhiNHF78wL1QNstbMbv/HHT EB8Q+eP4EJOmYwnHthOeT8yeDMQMlpsGtdXShvJe/LphtFBZn9WqPNnvoQiI0kVo b2yWLtS+7UdeWSEgChoKnBx7pUVR/Eyyl9ncuHA3qNc1wWrIWAGVIanqHN5GJl07 KTwYn+dPrln/YabbhZASwU7Re8tSARN/mFbvT74xqjJ91EgTyHY82N0G0XAo0wxb XCnOfN9oWsO1Fr6W1VnQyJ795wLxlAm02TT7gj/So17WM9MK6Xy5Fx7a/PwUwz8T EqoB6xuZLdlVzGc8GeDL80sBhZ4VGgrjC7dxhTMfyU7tDCvrxaHeuDtAbGrEZIb8 VTVPyN/vB3kCCEyRWWoY2q6GWH21iRNGLhKRoqb4zsMebwFBsfWYaGiL5sGyATzD YmgT5Q0HfoTboQBfHSzZRHDNWFBVUOfY64Ut8QSiE7hFySjxrNqxctNt1OQEZZGZ juMCd5GrXRnfkIPS/iIHoNWcg5YCjc1pEI/MbeSSQXA75zJI/HVOKJUSm6uTQ7Ar xumHO0//mQ8zM/zWYSSG =6Cvs -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists