-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2013-11174 2013-08-16 15:51:46 --------------------------------------------------------------------------------

Name : libzrtpcpp Product : Fedora EPEL 5 Version : 3.2.1 Release : 3.el5 URL : https://github.com/wernerd/ZRTPCPP Summary : ZRTP support library for the GNU ccRTP stack Description : This package provides a library that adds ZRTP support to the GNU ccRTP stack. Phil Zimmermann developed ZRTP to allow ad-hoc, easy to use key negotiation to setup Secure RTP (SRTP) sessions. GNU ZRTP together with GNU ccRTP (1.5.0 or later) provides a ZRTP implementation that can be directly embedded into client and server applications.

-------------------------------------------------------------------------------- Update Information:

new upstream version fixes CVE-2013-2221 CVE-2013-2222 CVE-2013-2223 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #980904 - CVE-2013-2221 CVE-2013-2222 CVE-2013-2223 libzrtpcpp various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=980904 [ 2 ] Bug #980905 - libzrtpcpp: CVE-2013-2221 libzrtpcpp: Heap-based buffer overflow when processing overly-large ZRTP packets [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=980905 --------------------------------------------------------------------------------

This update can be installed with the "yum" update programs. Use su -c 'yum update libzrtpcpp' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------