The RTP dissector could crash. (Bug 9885)
Versions affected: 1.10.0 to 1.10.6
Arch teams, please test and mark stable:
Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86
Stable for HPPA.
The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP
dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP
conversation data, which allows remote attackers to cause a denial of
service (application crash) via a crafted packet.
Maintainer(s), please cleanup.
Security, please vote.
Arches and Mainter(s), Thank you for your work.
Added to an existing GLSA request.
This issue was resolved and addressed in
GLSA 201406-33 at http://security.gentoo.org/glsa/glsa-201406-33.xml
by GLSA coordinator Mikle Kolyada (Zlogene).