From ${URL} :

A buffer overflow flaw was reported [1] in libsrtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function applies cryptographic profiles to an srtp_policy. This could allow for a crash of a client linked against libsrtp (like asterisk or linphone). A pull request in git [2] has a patch to correct this issue.

[1] http://seclists.org/fulldisclosure/2013/Jun/10
[2] https://github.com/cisco/libsrtp/pull/26

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
(In reply to Agostino Sarubbo from comment #0)
> A pull request in git [2] has a patch to correct this issue.
>
> [1] http://seclists.org/fulldisclosure/2013/Jun/10
> [2] https://github.com/cisco/libsrtp/pull/26

The pull request author wrote "The changes to the rtcp code are not correct. I'll fix this tomorrow and send a new pull request."
Fixed in the next pull request: https://github.com/cisco/libsrtp/pull/27
Arches, please test and stabilize libsrtp-1.4.4_p20121108-r1
amd64 stable
x86 stable
@creffett: why B3 instead of B2?
ppc stable
alpha/ia64 stable
ppc64 stable
vote please
Thanks for your work. GLSA vote: yes
CVE-2013-2139 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2139): Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.
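The bug class named in the CVE text, a length inconsistency between the routine that applies a profile to a policy and the routine that later writes the protected packet, is easiest to see with a capacity check written out. The following is an added illustration in C and is not libsrtp's code: the policy struct, the profile identifiers, the 10- and 4-byte tag lengths and every `example_*` name are constructed for this example, and the real layout of srtp_policy and srtp_protect is not reproduced. It shows the defensive pattern: derive the required output size from the policy at protect time and refuse the write when the caller's buffer, sized under an earlier profile, is too small.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical policy: the only field that matters here is how many
 * authentication-tag bytes example_protect() appends to each packet. */
typedef struct {
    size_t auth_tag_len;
} example_policy_t;

/* Profile identifiers, constructed for this example (not libsrtp's). */
enum example_profile { PROFILE_TAG_80 = 0, PROFILE_TAG_32 = 1 };

/* Apply a profile to a policy. Returns 0 on success, -1 on unknown profile. */
int example_policy_set_from_profile(example_policy_t *p, int profile) {
    switch (profile) {
    case PROFILE_TAG_80: p->auth_tag_len = 10; return 0; /* 80-bit tag */
    case PROFILE_TAG_32: p->auth_tag_len = 4;  return 0; /* 32-bit tag */
    default: return -1;
    }
}

/* Bytes the protect step needs in the output buffer for a payload of len bytes. */
size_t example_protected_len(const example_policy_t *p, size_t len) {
    return len + p->auth_tag_len;
}

/* Append a stand-in auth tag in place. The caller passes the buffer capacity
 * separately, and the required length is checked against it before any write.
 * Returns 0 on success, -1 if the tag would not fit (or the sum wrapped). */
int example_protect(const example_policy_t *p, uint8_t *buf, size_t cap, size_t *len) {
    size_t need = example_protected_len(p, *len);
    if (need < *len || need > cap)
        return -1;
    /* Stand-in for the real MAC computation: fill the tag with 0xAA. */
    memset(buf + *len, 0xAA, p->auth_tag_len);
    *len = need;
    return 0;
}

/* Scenario from the CVE text: the buffer was sized for one profile, then a
 * profile with a longer tag was applied to the same policy. With the capacity
 * check in place the protect step refuses instead of writing past the buffer.
 * Returns example_protect()'s result. */
int example_mismatch_scenario(void) {
    example_policy_t pol;
    uint8_t buf[20 + 4];            /* room for a 20-byte payload plus a 4-byte tag */
    size_t len = 20;
    example_policy_set_from_profile(&pol, PROFILE_TAG_32);
    /* ... later the policy is switched to an 80-bit tag profile ... */
    example_policy_set_from_profile(&pol, PROFILE_TAG_80);
    return example_protect(&pol, buf, sizeof buf, &len);   /* -1: refused */
}

/* Consistent case: buffer sized for the profile actually in use.
 * Returns the protected length (payload + tag), or -1 on failure. */
long example_consistent_scenario(void) {
    example_policy_t pol;
    uint8_t buf[64];
    size_t len = 50;
    example_policy_set_from_profile(&pol, PROFILE_TAG_80);
    if (example_protect(&pol, buf, sizeof buf, &len) != 0)
        return -1;
    if (buf[50] != 0xAA || buf[59] != 0xAA)   /* tag landed where expected */
        return -1;
    return (long)len;                          /* 60 */
}

int main(void) {
    printf("mismatched profile: protect returned %d\n", example_mismatch_scenario());
    printf("consistent profile: protected length %ld\n", example_consistent_scenario());
    return 0;
}
```

The point of keeping `cap` as a separate argument is that the policy can legitimately change after the caller allocated its buffer; the write routine must not trust a size derived at allocation time.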
GLSA vote: yes. GLSA request filed.
This issue was resolved and addressed in GLSA 201405-02 at http://security.gentoo.org/glsa/glsa-201405-02.xml by GLSA coordinator Sean Amoss (ackle).