Mageia 2021-0559: pjproject security update | LinuxSecurity.com

Advisories

What Are You Looking For?

Popular Tags

Contribute

Advisories This Week: 279

MGASA-2021-0559 - Updated pjproject packages fix security vulnerability

Publication date: 19 Dec 2021
URL: https://advisories.mageia.org/MGASA-2021-0559.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-32686

Updated pjproject packages fix security vulnerability:

In PJSIP before version 2.11.1, there are a couple of issues found in the
SSL socket. First, a race condition between callback and destroy, due to
the accepted socket having no group lock. Second, the SSL socket parent/
listener may get destroyed during handshake. Both issues were reported to
happen intermittently in heavy load TLS connections. They cause a crash,
resulting in a denial of service (CVE-2021-32686). 

References:
- https://bugs.mageia.org/show_bug.cgi?id=29317
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686

SRPMS:
- 8/core/pjproject-2.10-5.3.mga8

Mageia 2021-0559: pjproject security update

Updated pjproject packages fix security vulnerability: In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket

Summary

Updated pjproject packages fix security vulnerability:
In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/ listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service (CVE-2021-32686).

References

- https://bugs.mageia.org/show_bug.cgi?id=29317

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686

Resolution

MGASA-2021-0559 - Updated pjproject packages fix security vulnerability

SRPMS

- 8/core/pjproject-2.10-5.3.mga8

Severity
Publication date: 19 Dec 2021
URL: https://advisories.mageia.org/MGASA-2021-0559.html
Type: security
CVE: CVE-2021-32686

News

Advisories

HOWTOs

Features

Open-Source VPN Protocols Compared: Why WireGuard is on the Rise!
Open Source OSINT Tools and Techniques
The Story Behind the Linux Security Quick Reference Guide
Benefits & Drawbacks of Using a VPN on Linux
How a WAF Could Improve the Security of Your Linux Web Applications

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy