Upstream information

CVE-2013-2139 at MITRE

Description

Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)

Base Score: 2.6
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
Access Vector: Network
Access Complexity: High
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Partial

SUSE Bugzilla entry: 828009 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12 SP2
  • libsrtp1 >= 1.5.2-2.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libsrtp1
SUSE Linux Enterprise Desktop 12 SP3
  • libsrtp1 >= 1.5.2-2.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA libsrtp1
SUSE Linux Enterprise Module for Desktop Applications 15
  • libsrtp-devel >= 1.6.0-2.19
  • libsrtp1 >= 1.6.0-2.19
Patchnames:
SUSE Linux Enterprise Module for Desktop Applications 15 GA libsrtp-devel
SUSE Linux Enterprise Server 12 SP2
  • libsrtp1 >= 1.5.2-2.1
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libsrtp1
SUSE Linux Enterprise Server 12 SP3
  • libsrtp1 >= 1.5.2-2.1
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA libsrtp1
SUSE Linux Enterprise Server 12 SP4
  • libsrtp1 >= 1.5.2-3.2.1
Patchnames:
SUSE Linux Enterprise Server 12 SP4 GA libsrtp1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libsrtp1 >= 1.5.2-2.1
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libsrtp1
openSUSE 12.3
  • libsrtp1 >= 1.4.4-2.4.1
  • libsrtp1-debuginfo >= 1.4.4-2.4.1
  • srtp >= 1.4.4-2.4.1
  • srtp-debugsource >= 1.4.4-2.4.1
  • srtp-devel >= 1.4.4-2.4.1
Patchnames:
openSUSE-2013-608
openSUSE 13.1
  • libsrtp1 >= 1.4.4-4.4.1
  • libsrtp1-debuginfo >= 1.4.4-4.4.1
  • srtp >= 1.4.4-4.4.1
  • srtp-debugsource >= 1.4.4-4.4.1
  • srtp-devel >= 1.4.4-4.4.1
Patchnames:
openSUSE-2014-565
openSUSE Leap 15.0
  • libsrtp1 >= 1.6.0-lp150.2.3
Patchnames:
openSUSE Leap 15.0 GA libsrtp1
openSUSE Leap 42.2
  • libsrtp1 >= 1.5.4-7.1
Patchnames:
openSUSE Leap 42.2 GA libsrtp1
openSUSE Leap 42.3
  • libsrtp1 >= 1.5.4-9.5
Patchnames:
openSUSE Leap 42.3 GA libsrtp1
openSUSE Tumbleweed
  • libsrtp-devel >= 1.5.4-2.1
  • libsrtp1 >= 1.5.4-2.1
  • libsrtp1-32bit >= 1.5.4-2.1
Patchnames:
openSUSE Tumbleweed GA libsrtp-devel