Stay Secure with the Latest Linux Advisories

security advisorydenial of servicegentoo

Gentoo: 201309-13 Normal: GNU ZRTP Multiple Threats Advisory

Multiple vulnerabilities have been found in GNU ZRTP, some of which may allow execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: GNU ZRTP: Multiple vulnerabilities Date: September 24, 2013 Bugs: #481228 ID: 201309-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in GNU ZRTP, some of which may allow execution of arbitrary code. Background ========= GNU ZRTP is a C++ implementation of the ZRTP protocol. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/libzrtpcpp < 2.3.4 > = 2.3.4 Description ========== Multiple vulnerabilities have been discovered in GNU ZRTP. Please review the CVE identifiers referenced below for details. Impact ===== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information. Workaround ========= There is no known workaround at this time. Resolution ========= All GNU ZRTP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-libs/libzrtpcpp-2.3.4" References ========= [ 1 ] CVE-2013-2221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2221 [ 2 ] CVE-2013-2222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2222 [ 3 ] CVE-2013-2223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2223 Availability =========== This GLSA andany updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201309-13 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Identify potential weaknesses within GNU ZRTP on Gentoo installations. It is recommended to perform an upgrade to prevent risks associated with remote code execution.. GNU ZRTP, Gentoo Security Advisory, Code Execution Risks, Denial of Service, Threat Resolution. . LinuxSecurity.com Team

Sep 24, 2013 Gentoo