1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2840-1] srtp security update

    From Salvatore Bonaccorso@1:229/2 to All on Fri Jan 10 18:50:01 2014
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2840-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 10, 2014 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : srtp
    Vulnerability : buffer overflow
    Problem type : remote
    Debian-specific: no
    CVE ID : CVE-2013-2139
    Debian Bug : 711163

    Fernando Russ from Groundworks Technologies reported a buffer overflow
    flaw in srtp, Cisco's reference implementation of the Secure Real-time
    Transport Protocol (SRTP), in how the
    crypto_policy_set_from_profile_for_rtp() function applies
    cryptographic profiles to an srtp_policy. A remote attacker could
    exploit this vulnerability to crash an application linked against
    libsrtp, resulting in a denial of service.

    For the oldstable distribution (squeeze), this problem has been fixed in version 1.4.4~dfsg-6+deb6u1.

    For the stable distribution (wheezy), this problem has been fixed in
    version 1.4.4+20100615~dfsg-2+deb7u1.

    For the testing distribution (jessie), this problem has been fixed in
    version 1.4.5~20130609~dfsg-1.

    For the unstable distribution (sid), this problem has been fixed in
    version 1.4.5~20130609~dfsg-1.

    We recommend that you upgrade your srtp packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJS0DBmAAoJEAVMuPMTQ89EDZoP+wX3KQU/9dnk67ngLC9c9asr /i/zUaerW5rDG/pQkf94VAER+qac0TMZXN17bZzEvoui02lYU/kcSqNrmWx02J1C +nzi3X8+BwcZcZnUYbpv4681iJDKOOcEsM8pNvQjavhiNHF78wL1QNstbMbv/HHT EB8Q+eP4EJOmYwnHthOeT8yeDMQMlpsGtdXShvJe/LphtFBZn9WqPNnvoQiI0kVo b2yWLtS+7UdeWSEgChoKnBx7pUVR/Eyyl9ncuHA3qNc1wWrIWAGVIanqHN5GJl07 KTwYn+dPrln/YabbhZASwU7Re8tSARN/mFbvT74xqjJ91EgTyHY82N0G0XAo0wxb XCnOfN9oWsO1Fr6W1VnQyJ795wLxlAm02TT7gj/So17WM9MK6Xy5Fx7a/PwUwz8T EqoB6xuZLdlVzGc8GeDL80sBhZ4VGgrjC7dxhTMfyU7tDCvrxaHeuDtAbGrEZIb8 VTVPyN/vB3kCCEyRWWoY2q6GWH21iRNGLhKRoqb4zsMebwFBsfWYaGiL5sGyATzD YmgT5Q0HfoTboQBfHSzZRHDNWFBVUOfY64Ut8QSiE7hFySjxrNqxctNt1OQEZZGZ juMCd5GrXRnfkIPS/iIHoNWcg5YCjc1pEI/MbeSSQXA75zJI/HVOKJUSm6uTQ7Ar xumHO0//mQ8zM/zWYSSG
    =6Cvs
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)