Advisories » MGASA-2014-0465

Updated srtp package fixes security vulnerability

Publication date: 21 Nov 2014
Modification date: 21 Nov 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-2139

Description

Fernando Russ from Groundworks Technologies reported a buffer overflow flaw
in srtp, Cisco's reference implementation of the Secure Real-time Transport
Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function
applies cryptographic profiles to an srtp_policy. A remote attacker could
exploit this vulnerability to crash an application linked against libsrtp,
resulting in a denial of service (CVE-2013-2139).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14200
• https://www.debian.org/security/2014/dsa-2840
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2139

SRPMS

3/core

• srtp-1.4.4-3.1.mga3