Mageia 2021-0336: pjproject security update
Summary
An issue has been found in pjproject. Due to bad handling of two consecutive
crafted answers to an INVITE, the attacker is able to crash the server
resulting in a denial of service (CVE-2021-21375).
References
- https://bugs.mageia.org/show_bug.cgi?id=28998
- https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
- https://www.debian.org/lts/security/2021/dla-2636
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21375
Resolution
MGASA-2021-0336 - Updated pjproject packages fix a security vulnerability
SRPMS
- 7/core/pjproject-2.7.2-1.1.mga7