Multiple stack-based buffer overflows were found in the way libzrtpcpp, a ZRTP support library for the GNU ccRTP stack, processed certain ZRTP Hello packets (ZRTP Hello packets with an overly-large value in certain fields, including the count of public keys). A remote attacker could provide a specially-crafted ZRTP packet that, when processed in an application linked against libzrtpcpp would lead to that application crash. References: [1] http://www.openwall.com/lists/oss-security/2013/06/29/1 [2] http://www.openwall.com/lists/oss-security/2013/06/30/2 [3] http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html Relevant upstream patch: [4] https://github.com/wernerd/ZRTPCPP/commit/c8617100f359b217a974938c5539a1dd8a120b0e
This issue affects the versions of the libzrtpcpp package, as shipped with Fedora release of 17 and 18. Please schedule an update. -- This issue did NOT affect the versions of the libzrtpcpp package, as shipped with Fedora EPEL-5 and Fedora EPEL-6.
Created libzrtpcpp tracking bugs for this issue: Affects: fedora-all [bug 980904]
libzrtpcpp-2.3.4-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.