
Fedora 40: Advisory on Baresip 3.10.1 Denial of Service Vulnerability

fedora
March 23, 2024
Baresip security patch tackles DoS vulnerabilities caused by altered RTP timestamps in the Fedora 40 update.

Summary

A modular SIP user-agent with support for audio and video, and many IETF standards such as SIP, SDP, RTP/RTCP and STUN/TURN/ICE for both IPv4 and IPv6.

Additional modules provide support for audio codecs like Codec2, G.711, G.722, G.726, GSM, L16, MPA and Opus, audio drivers like ALSA, GStreamer, JACK Audio Connection Kit, Portaudio, and PulseAudio, video codecs like AV1, VP8 or VP9, video sources like Video4Linux, video outputs like SDL2 or X11, NAT traversal via STUN, TURN, ICE, and NAT-PMP, media encryption via TLS, SRTP or DTLS-SRTP, management features like embedded web-server with HTTP interface, command-line console and interface, and MQTT.

Update Information:

Baresip v3.10.1 (2024-03-12)

Security Release (possible Denial of Service): A wrong or manipulated incoming RTP Timestamp can cause the baresip process to hang forever, for details see: #2954

- aureceiver: fix mtx_unlock on discard

Baresip v3.10.0 (2024-03-06)

- cmake: use default value for CMAKE_C_EXTENSIONS
- cmake: add /usr/{local,}/include/re and /usr/{local,}/lib{64,} to FindRE.cmake
- test/main: fix NULL pointer arg on err
- ci: add Fedora workflow to avoid e.g. rpath issues
- mediatrack/start: add audio_decoder_set
- config: support distribution-specific/default CA paths
- readme: cosmetic changes
- ci/fedora: fix dependency
- config: add default CA path for Android
- transp,tls: add TLS client verification
- account,message,ua: secure incoming SIP MESSAGEs
- aufile: avoid race condition in case of fast destruction
- aufile: join thread if write fails
- video: add video_req_keyframe api
- call: start streams in sipsess_estab_handler
- webrtc: add av1 codec
- cmake: fix relative source dir
- ...

Change Log

* Tue Mar 12 2024 Robert Scheck 3.10.1-1
- Upgrade to 3.10.1 (#2269261)

* Mon Mar 11 2024 Robert Scheck 3.10.0-2
- Added upstream patch to fix mtx_unlock on discard in aureceiver

* Sun Mar 10 2024 Robert Scheck 3.10.0-1
- Upgrade to 3.10.0 (#2268424)

References


[ 1 ] Bug #2268236 - libre-3.10.0 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2268236
[ 2 ] Bug #2268424 - baresip-3.10.0 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2268424
[ 3 ] Bug #2269261 - baresip-3.10.1 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2269261

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-a63e807450' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
important

Name: baresip
Product: Fedora 40
Version: 3.10.1
Release: 1.fc40
Summary: Modular SIP user-agent with audio and video support
