Advisories ยป MGASA-2014-0465

Updated srtp package fixes security vulnerability

Publication date: 21 Nov 2014
Modification date: 21 Nov 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-2139


Fernando Russ from Groundworks Technologies reported a buffer overflow flaw
in srtp, Cisco's reference implementation of the Secure Real-time Transport
Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function
applies cryptographic profiles to an srtp_policy. A remote attacker could
exploit this vulnerability to crash an application linked against libsrtp,
resulting in a denial of service (CVE-2013-2139).