[SECURITY] Fedora EPEL 5 Update: libzrtpcpp-3.2.1-3.el5
updates at fedoraproject.org
updates at fedoraproject.org
Sun Sep 1 18:49:47 UTC 2013
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-11174
2013-08-16 15:51:46
--------------------------------------------------------------------------------
Name : libzrtpcpp
Product : Fedora EPEL 5
Version : 3.2.1
Release : 3.el5
URL : https://github.com/wernerd/ZRTPCPP
Summary : ZRTP support library for the GNU ccRTP stack
Description :
This package provides a library that adds ZRTP support to the GNU
ccRTP stack. Phil Zimmermann developed ZRTP to allow ad-hoc, easy to
use key negotiation to setup Secure RTP (SRTP) sessions. GNU ZRTP
together with GNU ccRTP (1.5.0 or later) provides a ZRTP
implementation that can be directly embedded into client and server
applications.
--------------------------------------------------------------------------------
Update Information:
new upstream version
fixes CVE-2013-2221 CVE-2013-2222 CVE-2013-2223
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #980904 - CVE-2013-2221 CVE-2013-2222 CVE-2013-2223 libzrtpcpp various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=980904
[ 2 ] Bug #980905 - libzrtpcpp: CVE-2013-2221 libzrtpcpp: Heap-based buffer overflow when processing overly-large ZRTP packets [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=980905
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update libzrtpcpp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the epel-package-announce
mailing list