Summary: | <net-libs/libzrtpcpp-2.3.4: multiple vulnerabilities (CVE-2013-{2221,2222,2223}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Chí-Thanh Christopher Nguyễn <chithanh> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | admwiggin, voip+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html | ||
See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=980904, http://bugs.debian.org/714650 | ||
Whiteboard: | B1 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Chí-Thanh Christopher Nguyễn
2013-08-16 00:05:20 UTC
=net-libs/libzrtpcpp-2.3.2 is unmasked in amd64, vulnerable to the above exploits, and does not build correctly. Did a version bump of the current ebuild && ebuild libzrtpcpp-2.3.4 digest, and was able to compile without issue.

Arches, please test and stabilize =net-libs/libzrtpcpp-2.3.4. Target arches: amd64 ppc x86. Thanks!

As usual, stabilizing works much better when arches are CC'd.

amd64 stable

x86 stable

ppc stable

GLSA drafted and ready for review. @maintainers: please clean up affected versions.

Vulnerable versions have been removed from the tree.

This issue was resolved and addressed in GLSA 201309-13 at http://security.gentoo.org/glsa/glsa-201309-13.xml by GLSA coordinator Sean Amoss (ackle).

CVE-2013-2223 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2223): GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by a truncated Ping packet that is not properly handled by the getEpHash function.

CVE-2013-2222 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2222): Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to the (1) ZRtp::findBestSASType, (2) ZRtp::findBestAuthLen, (3) ZRtp::findBestCipher, (4) ZRtp::findBestHash, or (5) ZRtp::findBestPubKey functions.

CVE-2013-2221 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2221): Heap-based buffer overflow in the ZRtp::storeMsgTemp function in GNU ZRTPCPP before 3.2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large packet.