
[SECURITY] [DLA 898-1] libosip2 security update




Package        : libosip2
Version        : 3.6.0-4+deb7u1
CVE ID         : CVE-2016-10324 CVE-2016-10325 CVE-2016-10326
                 CVE-2017-7853


CVE-2016-10324
     In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to
     a heap buffer overflow in the osip_clrncpy() function defined in
     osipparser2/osip_port.c.

CVE-2016-10325
     In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a
     heap buffer overflow in the _osip_message_to_str() function defined
     in osipparser2/osip_message_to_str.c, resulting in a remote DoS.

CVE-2016-10326
     In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to
     a heap buffer overflow in the osip_body_to_str() function defined
     in osipparser2/osip_body.c, resulting in a remote DoS.

CVE-2017-7853
     In libosip2 in GNU oSIP 5.0.0, a malformed SIP message can lead to a
     heap buffer overflow in the msg_osip_body_parse() function defined
     in osipparser2/osip_message_parse.c, resulting in a remote DoS.


For Debian 7 "Wheezy", these problems have been fixed in version
3.6.0-4+deb7u1.

We recommend that you upgrade your libosip2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
