MGASA-2021-0559 - Updated pjproject packages fix security vulnerability Publication date: 19 Dec 2021 URL: https://advisories.mageia.org/MGASA-2021-0559.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-32686 Updated pjproject packages fix security vulnerability: In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/ listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service (CVE-2021-32686). References: - https://bugs.mageia.org/show_bug.cgi?id=29317 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686 SRPMS: - 8/core/pjproject-2.10-5.3.mga8
Mageia 2021-0559: pjproject security update
Updated pjproject packages fix security vulnerability: In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket
Summary
CVE: CVE-2021-32686
Updated pjproject packages fix security vulnerability:
In PJSIP before version 2.11.1, there are a couple of issues found in the
SSL socket. First, a race condition between callback and destroy, due to
the accepted socket having no group lock. Second, the SSL socket parent/
listener may get destroyed during handshake. Both issues were reported to
happen intermittently in heavy load TLS connections. They cause a crash,
resulting in a denial of service (CVE-2021-32686).
Resolution
MGASA-2021-0559 - Updated pjproject packages fix security vulnerability
References
- https://bugs.mageia.org/show_bug.cgi?id=29317
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686
Severity
Issued Date: 19 Dec 2021
URL: https://advisories.mageia.org/MGASA-2021-0559.html
Type: security
Affected Mageia releases: 8
News
HOWTOs
About Us
Powered By
