User: Password:
Subscribe / Log in / New account

libsrtp: denial of service

Package(s):libsrtp CVE #(s):CVE-2013-2139
Created:January 8, 2014 Updated:November 24, 2014
Description: From the Red Hat bugzilla:

A buffer overflow flaw was reported in libsrtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function applies cryptographic profiles to an srtp_policy. This could allow for a crash of a client linked against libsrtp (like asterisk or linphone).

Mandriva MDVSA-2014:219 srtp 2014-11-21
Mageia MGASA-2014-0465 srtp 2014-11-21
openSUSE openSUSE-SU-2014:1250-1 srtp 2014-09-29
Gentoo 201405-02 libsrtp 2014-05-03
Debian DSA-2840-1 srtp 2014-01-10
Fedora FEDORA-2013-24155 libsrtp 2014-01-08
Fedora FEDORA-2013-24114 libsrtp 2014-01-08
Fedora FEDORA-2013-24153 libsrtp 2014-01-08

(Log in to post comments)

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds