Several security issues were fixed in PJSIP.

Software Description:
- pjproject: multimedia communication library

Details:
Youngsung Kim discovered that PJSIP did not properly parse numeric header
fields in SIP messages. A remote attacker could use this issue to cause
PJSIP to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-16872)

Peter Koletzki discovered that PJSIP did not properly handle certain
connection requests. A remote attacker could possibly use this issue to
cause PJSIP to enter an unrecoverable state and reject further connections,
resulting in a denial of service. This issue only affected Ubuntu 16.04
LTS. (CVE-2017-16875)

Alfred Farrugia, Sandro Gauci, and Kevin Harwell discovered that PJSIP did
not properly parse certain SDP messages. A remote attacker could possibly
use this issue to cause PJSIP to crash, resulting in a denial of service.
This issue only affected Ubuntu 16.04 LTS. ...

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  libpj2              2.7.2~dfsg-1ubuntu0.1~esm1
                      Available with Ubuntu Pro
  libpjmedia2         2.7.2~dfsg-1ubuntu0.1~esm1
                      Available with Ubuntu Pro
  libpjnath2          2.7.2~dfsg-1ubuntu0.1~esm1
                      Available with Ubuntu Pro
  libpjsip2           2.7.2~dfsg-1ubuntu0.1~esm1
                      Available with Ubuntu Pro
  libpjsua2           2.7.2~dfsg-1ubuntu0.1~esm1
                      Available with Ubuntu Pro
  python-pjproject    2.7.2~dfsg-1ubuntu0.1~esm1
                      Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libpj2              2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1
                      Available with Ubuntu Pro
  libpjmedia2         2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1
                      Available with Ubuntu Pro
  libpjnath2          2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1
                      Available with Ubuntu Pro
  libpjsip2           2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1
                      Available with Ubuntu Pro
  libpjsua2           2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1
                      Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8122-1
CVE-2017-16872, CVE-2017-16875, CVE-2018-1000098, CVE-2018-1000099,
CVE-2020-15260, CVE-2021-21375, CVE-2021-32686, CVE-2021-37706,
CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302,
CVE-2021-43303, CVE-2026-25994