Randell Jesup and the Firefox team discovered that srtp, Cisco's
reference implementation of the Secure Real-time Transport Protocol
(SRTP), does not properly handle RTP header CSRC count and extension
header length. A remote attacker can exploit this vulnerability to crash
an application linked against libsrtp, resulting in a denial of service.
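The description above concerns two length-bearing fields of the RTP header: the CSRC count and the extension header length. As an added illustration (not libsrtp's code and not the upstream patch), this C function shows the bounds checks that the RFC 3550 header layout requires before a receiver trusts those fields. The function name and the sample packets are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

#define RTP_FIXED_HDR_LEN 12u  /* V/P/X/CC, M/PT, seq, timestamp, SSRC */

/*
 * Returns the total RTP header length in bytes (fixed header + CSRC list +
 * header extension), or -1 if the packet is too short to hold what its own
 * header fields declare. Hypothetical helper, not a libsrtp function.
 */
long rtp_validated_header_len(const uint8_t *pkt, size_t pkt_len)
{
    if (pkt == NULL || pkt_len < RTP_FIXED_HDR_LEN)
        return -1;
    if ((pkt[0] >> 6) != 2)               /* RTP version must be 2 */
        return -1;

    size_t cc  = pkt[0] & 0x0F;           /* CSRC count: 0..15 */
    int    ext = (pkt[0] >> 4) & 0x01;    /* X bit: extension present */

    /* CSRC list: cc 32-bit entries directly after the fixed header. */
    size_t hdr_len = RTP_FIXED_HDR_LEN + 4 * cc;
    if (hdr_len > pkt_len)
        return -1;

    if (ext) {
        /* The 4-byte extension header itself must fit first. */
        if (pkt_len - hdr_len < 4)
            return -1;
        /* Length field: number of 32-bit words after those 4 bytes. */
        size_t ext_words = ((size_t)pkt[hdr_len + 2] << 8) | pkt[hdr_len + 3];
        hdr_len += 4;
        if (ext_words * 4 > pkt_len - hdr_len)
            return -1;
        hdr_len += ext_words * 4;
    }
    return (long)hdr_len;
}

/* Constructed sample packets (not captured traffic). */
const uint8_t sample_ok[12]      = {0x80,0,0,1, 0,0,0,0, 0,0,0,1};
const uint8_t sample_bad_cc[12]  = {0x8F,0,0,1, 0,0,0,0, 0,0,0,1}; /* CC=15, no CSRCs */
const uint8_t sample_bad_ext[16] = {0x90,0,0,1, 0,0,0,0, 0,0,0,1,
                                    0xBE,0xDE,0xFF,0xFF};          /* ext len 65535 words */
const uint8_t sample_ext_ok[24]  = {0x91,0,0,1, 0,0,0,0, 0,0,0,1, 0,0,0,2,
                                    0xBE,0xDE,0,1, 0,0,0,0};       /* CC=1, ext len 1 word */
```

A receiver would call this on every inbound packet and drop anything that returns -1 before any further header parsing or SRTP processing.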
Created libsrtp tracking bugs for this issue:
Affects: fedora-all [bug 1323703]
Affects: epel-6 [bug 1323704]
Affects: epel-7 [bug 1323705]
Other upstream patches mentioned:
asterisk-18.104.22.168-2.el6, libsrtp-1.5.4-3.el6, pjproject-2.3-7.el6 have been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
Was it necessary to bump the libsrtp.so name to libsrtp.so.1 in this update?
That's the soname for the 1.5 series from upstream, so yes.