Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2020:3873
HistoryOct 20, 2020 - 6:24 p.m.

libsrtp security update

2020-10-2018:24:00
CentOS Project
lists.centos.org
97

0.026 Low

EPSS

Percentile

90.2%

JSON

CentOS Errata and Security Advisory CESA-2020:3873

The libsrtp package provides an implementation of the Secure Real-time Transport Protocol (SRTP), the Universal Security Transform (UST), and a supporting cryptographic kernel.

Security Fix(es):

  • libsrtp: improper handling of CSRC count and extension header length in RTP header (CVE-2015-6360)

  • libsrtp: buffer overflow in application of crypto profiles (CVE-2013-2139)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2020-October/032830.html

Affected packages:
libsrtp
libsrtp-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2020:3873

Related

nessus 27
amazon 1
oraclelinux 1
openvas 18
redhat 1
cve 2
cvelist 2
cisco 1
freebsd 1
debiancve 2
prion 2
ubuntucve 2
debian 5
mageia 2
fedora 3
gentoo 1
securityvulns 2
nessus
nessus
EulerOS 2.0 SP2 : libsrtp (EulerOS-SA-2019-2472)
2019-12-04 00:00:00
NewStart CGSL CORE 5.04 / MAIN 5.04 : libsrtp Multiple Vulnerabilities (NS-SA-2021-0032)
2021-03-10 00:00:00
Scientific Linux Security Update : libsrtp on SL7.x x86_64 (20201001)
2020-10-21 00:00:00
amazon
amazon
Medium: libsrtp
2020-10-22 18:18:00
oraclelinux
oraclelinux
libsrtp security and bug fix update
2020-10-06 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for libsrtp (EulerOS-SA-2019-2617)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for libsrtp (EulerOS-SA-2019-2472)
2020-01-23 00:00:00
Debian: Security Advisory (DLA-393-1)
2023-03-08 00:00:00
redhat
redhat
(RHSA-2020:3873) Moderate: libsrtp security and bug fix update
2020-09-29 07:39:26
cve
cve
CVE-2015-6360
2016-04-21 10:59:00
CVE-2013-2139
2014-01-16 05:05:00
cvelist
cvelist
CVE-2015-6360
2016-04-21 10:00:00
CVE-2013-2139
2014-01-16 02:00:00
cisco
cisco
Multiple Cisco Products libSRTP Denial of Service Vulnerability
2016-04-20 16:00:00
freebsd
freebsd
libsrtp -- DoS via crafted RTP header vulnerability
2015-11-02 00:00:00
debiancve
debiancve
CVE-2015-6360
2016-04-21 10:59:00
CVE-2013-2139
2014-01-16 05:05:00
prion
prion
Code injection
2016-04-21 10:59:00
Buffer overflow
2014-01-16 05:05:00
ubuntucve
ubuntucve
CVE-2015-6360
2016-04-21 00:00:00
CVE-2013-2139
2014-01-16 00:00:00
debian
debian
[SECURITY] [DSA 3539-1] srtp security update
2016-04-02 09:56:22
[SECURITY] [DLA 393-1] srtp security update
2016-01-18 18:30:24
[SECURITY] [DSA 3539-1] srtp security update
2016-04-02 09:56:40
mageia
mageia
Updated srtp packages fix security vulnerability
2016-01-29 14:02:50
Updated srtp package fixes security vulnerability
2014-11-21 15:44:16
fedora
fedora
[SECURITY] Fedora 20 Update: libsrtp-1.4.4-9.20101004cvs.fc20
2014-01-08 07:53:18
[SECURITY] Fedora 19 Update: libsrtp-1.4.4-9.20101004cvs.fc19
2014-01-08 07:49:01
[SECURITY] Fedora 18 Update: libsrtp-1.4.4-9.20101004cvs.fc18
2014-01-08 07:46:55
gentoo
gentoo
libSRTP: Denial of service
2014-05-03 00:00:00
securityvulns
securityvulns
Cisco srtp library buffer overflow
2014-01-14 00:00:00
[SECURITY] [DSA 2840-1] srtp security update
2014-01-14 00:00:00

0.026 Low

EPSS

Percentile

90.2%

JSON
Related for CESA-2020:3873
nessus27amazon1oraclelinux1openvas18redhat1cve2cvelist2cisco1freebsd1debiancve2prion2ubuntucve2debian5mageia2fedora3gentoo1securityvulns2