Upstream information

CVE-2015-6360 at MITRE

Description

The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 7.8
Vector AV:N/AC:L/Au:N/C:N/I:N/A:C
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete
SUSE Bugzilla entry: 957376 [RESOLVED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Module for Desktop Applications 15
  • libsrtp-devel >= 1.6.0-2.19
  • libsrtp1 >= 1.6.0-2.19
Patchnames:
SUSE Linux Enterprise Module for Desktop Applications 15 GA libsrtp-devel
openSUSE Leap 15.0
  • libsrtp1 >= 1.6.0-lp150.2.3
Patchnames:
openSUSE Leap 15.0 GA libsrtp1
openSUSE Leap 42.1
  • libsrtp >= 1.5.4-6.1
  • libsrtp-debugsource >= 1.5.4-6.1
  • libsrtp-devel >= 1.5.4-6.1
  • libsrtp1 >= 1.5.4-6.1
  • libsrtp1-32bit >= 1.5.4-6.1
  • libsrtp1-debuginfo >= 1.5.4-6.1
  • libsrtp1-debuginfo-32bit >= 1.5.4-6.1
Patchnames:
openSUSE-2016-1063
openSUSE Leap 42.2
  • libsrtp1 >= 1.5.4-7.1
Patchnames:
openSUSE Leap 42.2 GA libsrtp1
openSUSE Leap 42.3
  • libsrtp1 >= 1.5.4-9.5
Patchnames:
openSUSE Leap 42.3 GA libsrtp1
openSUSE Tumbleweed
  • libsrtp-devel >= 1.5.4-2.1
  • libsrtp1 >= 1.5.4-2.1
  • libsrtp1-32bit >= 1.5.4-2.1
Patchnames:
openSUSE Tumbleweed GA libsrtp-devel