[Secure-testing-team] Bug#807698: CVE-2015-6360: Prevent potential DoS attack due to lack of bounds checking on RTP header CSRC count and extension header length

Guido Günther Fri, 11 Dec 2015 09:28:31 -0800

Source: srtp
Version: 1.4.5~20130609~dfsg-1.1
Severity: grave
Tags: security


Hi,
from what I figured out it seems the 1.4 series is also affected by
CVE-2015-6360. While there is no aead mode srtp_unprotect needs the
patch nevertheless. See:

    https://security-tracker.debian.org/tracker/CVE-2015-6360

for a list of patches.
Cheers,
 -- Guido


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'unstable'), 
(500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

_______________________________________________
Secure-testing-team mailing list
Secure-testing-team@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team

[Secure-testing-team] Bug#807698: CVE-2015-6360: Prevent potential DoS attack due to lack of bounds checking on RTP header CSRC count and extension header length

Reply via email to