[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2865-1] resiprocate security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2865-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
December 29, 2021                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : resiprocate
Version        : 1:1.11.0~beta1-3+deb9u2
CVE ID         : CVE-2017-11521 CVE-2018-12584
Debian Bug     : 869404 905495

Two vulnerabilities were fixed in the reSIProcate SIP stack.

CVE-2017-11521

    The SdpContents::Session::Medium::parse function allowed remote 
    attackers to cause a denial of service.

CVE-2018-12584

    The ConnectionBase::preparseNewBytes function allowed remote 
    attackers to cause a denial of service or possibly execute arbitrary 
    code when TLS communication is enabled.

For Debian 9 stretch, these problems have been fixed in version
1:1.11.0~beta1-3+deb9u2.

We recommend that you upgrade your resiprocate packages.

For the detailed security status of resiprocate please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/resiprocate

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmHMaVgACgkQiNJCh6LY
mLFOUhAAtfuH7ymIjfJOtlgw0Z3ivQ3t/4QD2wE0/DNhsdKLrvuwlNcljz+QO/Va
ux86u72ATrvNUj9w3hu7OnXlgvzCSMNii8/21z0v0ENnXokDoVm0f3kJm3AQBavm
PaYHfhORHYphP4y+fs11RYtDmGyWF5W0uqYa3jC9Vso1/4Kd0PuekcOJt06JZA5W
C1qkOmgWzUN7vRoGRrDRnLS8uNZ95CVCbAtq5dQBwCJ7KO8yNdTZBcjugivLDV82
ipxENbERaTODSIsDx3XMzB1zYb+9NPsStzqsDNPX53ay6HAQ6T+ZGdrQRcwNtKgp
NoYwnVb19YOiebkQd/NvoUCJuoZ1ttJ5MIQ/GzJF3aG/CirZu2VZwire+jXHyCgO
G/lvvRXifjzYaULGpT15G4J9S9GFx78bWtM53aVDHwAZ9nJxl/2XVvyDgFz0ECQz
6cPxaVUO13AV3xgaBZDvG4P0xKGSX1eSQGQtJto+pK4JuvA1fbFfeuwLEQW5MD/w
HzN0WGKnAbku0a4VQDw6rMnZp8glBpoUqNlfECuMVomd6w4zyIwqNhlIf0mJlL1U
2fQbC/RrgwUV6ESfotO4+w5CSqaYAOj63WkLP00nNV17F7K1X7GztKbUfB3I+RfJ
22KJg/XAbLSCmwhGZQY2MggsBSDrztO97WXMZtHftyPEi9J2FKQ=
=uuTe
-----END PGP SIGNATURE-----


Reply to: