Bug 1323702 (CVE-2015-6360) - CVE-2015-6360 libsrtp: improper handling of CSRC count and extension header length in RTP header
Summary: CVE-2015-6360 libsrtp: improper handling of CSRC count and extension header l...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2015-6360
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1323705 1323703 1323704
Blocks: 1323706
TreeView+ depends on / blocked
 
Reported: 2016-04-04 13:11 UTC by Andrej Nemec
Modified: 2019-09-29 13:46 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-10-27 09:46:44 UTC


Attachments (Terms of Use)

Description Andrej Nemec 2016-04-04 13:11:59 UTC
Randell Jesup and the Firefox team discovered that srtp, Cisco's
reference implementation of the Secure Real-time Transport Protocol
(SRTP), does not properly handle RTP header CSRC count and extension
header length. A remote attacker can exploit this vulnerability to crash
an application linked against libsrtp, resulting in a denial of service.

References:

http://seclists.org/bugtraq/2016/Apr/11

Comment 1 Andrej Nemec 2016-04-04 13:12:30 UTC
Created libsrtp tracking bugs for this issue:

Affects: fedora-all [bug 1323703]
Affects: epel-6 [bug 1323704]
Affects: epel-7 [bug 1323705]

Comment 3 Fedora Update System 2016-05-03 16:35:45 UTC
asterisk-1.8.32.3-2.el6, libsrtp-1.5.4-3.el6, pjproject-2.3-7.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

Comment 4 Trevor Hemsley 2016-05-24 16:28:59 UTC
Was it necessary to bump the libsrtp.so name to libsrtp.so.1 in this update?

Comment 5 Tom "spot" Callaway 2016-07-06 17:46:08 UTC
That's the soname for the 1.5 series from upstream, so yes.


Note You need to log in before you can comment on or make changes to this bug.