ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0465
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0465)
Resumen:	The remote host is missing an update for the 'srtp' package(s) announced via the MGASA-2014-0465 advisory.
Descripción:	Summary: The remote host is missing an update for the 'srtp' package(s) announced via the MGASA-2014-0465 advisory. Vulnerability Insight: Fernando Russ from Groundworks Technologies reported a buffer overflow flaw in srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function applies cryptographic profiles to an srtp_policy. A remote attacker could exploit this vulnerability to crash an application linked against libsrtp, resulting in a denial of service (CVE-2013-2139). Affected Software/OS: 'srtp' package(s) on Mageia 3. Solution: Please install the updated package(s). CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2139 20130603 [GTA-2013-01] - Libsrtp srtp_protect/hmac_compute buffer overflow http://seclists.org/fulldisclosure/2013/Jun/10 93852 http://www.osvdb.org/93852 DSA-2840 http://www.debian.org/security/2014/dsa-2840 FEDORA-2013-24153 http://lwn.net/Articles/579633/ MDVSA-2014:219 http://www.mandriva.com/security/advisories?name=MDVSA-2014:219 http://advisories.mageia.org/MGASA-2014-0465.html https://bugzilla.redhat.com/show_bug.cgi?id=970697 https://github.com/cisco/libsrtp/pull/27 openSUSE-SU-2013:1258 http://lists.opensuse.org/opensuse-updates/2013-07/msg00083.html openSUSE-SU-2014:1250 http://lists.opensuse.org/opensuse-updates/2014-09/msg00059.html
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.