[SECURITY] [DLA 2962-1] pjproject security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2962-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
March 28, 2022 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : pjproject
Version : 2.5.5~dfsg-6+deb9u3
CVE ID : CVE-2021-32686 CVE-2021-37706 CVE-2021-41141 CVE-2021-43299
CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303
CVE-2021-43804 CVE-2021-43845 CVE-2022-21722 CVE-2022-21723
CVE-2022-23608 CVE-2022-24754 CVE-2022-24764
Multiple security issues were discovered in pjproject, is a free and
open source multimedia communication library.
CVE-2021-32686
A race condition between callback and destroy, due to the accepted
socket having no group lock. Second, the SSL socket
parent/listener may get destroyed during handshake. s. They cause
crash, resulting in a denial of service.
CVE-2021-37706
An incoming STUN message contains an ERROR-CODE attribute, the
header length is not checked before performing a subtraction
operation, potentially resulting in an integer underflow scenario.
This issue affects all users that use STUN. A malicious actor
located within the victim’s network may forge and send a specially
crafted UDP (STUN) message that could remotely execute arbitrary
code on the victim’s machine
CVE-2021-41141
In various parts of PJSIP, when error/failure occurs, it is found
that the function returns without releasing the currently held
locks. This could result in a system deadlock, which cause a
denial of service for the users.
CVE-2021-43299
Stack overflow in PJSUA API when calling pjsua_player_create. An
attacker-controlled 'filename' argument may cause a buffer
overflow since it is copied to a fixed-size stack buffer without
any size validation.
CVE-2021-43300
Stack overflow in PJSUA API when calling pjsua_recorder_create. An
attacker-controlled 'filename' argument may cause a buffer
overflow since it is copied to a fixed-size stack buffer without
any size validation.
CVE-2021-43301
Stack overflow in PJSUA API when calling pjsua_playlist_create. An
attacker-controlled 'file_names' argument may cause a buffer
overflow since it is copied to a fixed-size stack buffer without
any size validation.
CVE-2021-43302
Read out-of-bounds in PJSUA API when calling
pjsua_recorder_create. An attacker-controlled 'filename' argument
may cause an out-of-bounds read when the filename is shorter than
4 characters.
CVE-2021-43303
Buffer overflow in PJSUA API when calling pjsua_call_dump. An
attacker-controlled 'buffer' argument may cause a buffer overflow,
since supplying an output buffer smaller than 128 characters may
overflow the output buffer, regardless of the 'maxlen' argument
supplied
CVE-2021-43804
An incoming RTCP BYE message contains a reason's length, this
declared length is not checked against the actual received packet
size, potentially resulting in an out-of-bound read access. A
malicious actor can send a RTCP BYE message with an invalid reason
length
CVE-2021-43845
if incoming RTCP XR message contain block, the data field is not
checked against the received packet size, potentially resulting in
an out-of-bound read access
CVE-2022-21722
it is possible that certain incoming RTP/RTCP packets can
potentially cause out-of-bound read access. This issue affects
all users that use PJMEDIA and accept incoming RTP/RTCP.
CVE-2022-21723
Parsing an incoming SIP message that contains a malformed
multipart can potentially cause out-of-bound read access. This
issue affects all PJSIP users that accept SIP multipart.
CVE-2022-23608
When in a dialog set (or forking) scenario, a hash key shared by
multiple UAC dialogs can potentially be prematurely freed when one
of the dialogs is destroyed . The issue may cause a dialog set to
be registered in the hash table multiple times (with different
hash keys) leading to undefined behavior such as dialog list
collision which eventually leading to endless loop
CVE-2022-24754
There is a stack-buffer overflow vulnerability which only impacts
PJSIP users who accept hashed digest credentials (credentials with
data_type `PJSIP_CRED_DATA_DIGEST`).
CVE-2022-24764
A stack buffer overflow vulnerability that affects PJSUA2 users
or users that call the API `pjmedia_sdp_print(),
pjmedia_sdp_media_print()`
For Debian 9 stretch, these problems have been fixed in version
2.5.5~dfsg-6+deb9u3.
We recommend that you upgrade your pjproject packages.
For the detailed security status of pjproject please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pjproject
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAmJBxNgACgkQhj1N8u2c
KO811w//eACT9HmMad2WGodOhdDVqFB0FVdmWOs/k9zaqm8T4H7yYjRMZmbSXvPD
WyPPqmuWbXEg2BLEtI3Xupdu1b4bUrvGt4S64dyRJOI/nBGHb7u6XFtSciHttjPc
gOl9GZjOpV8TBJcVBRxbEtJkws+blJfWuPlXbswWlFjejDlrueCNqqBeHAnDY+8r
zJ0DCEgsPGyG0LqoONSaprdkAE7JAQa2WINPuatB1jY4vlYX7DyKJA2k1GNCLydM
hehNIl1ovuxrkCJwDFhi/kaaXCDHSYC2KyKgE8NJDV8dZ7Vlx5hVsns//i1fm+5x
HDNUPd4MXhRvlo2ngEXZDIF9m4yankO27JJnjZ+HInT8JCy9PC4nQBm428suZDTN
1ENjzNTPZfR7FX51SSr/yGb1TX2+ZRyhcCHcEQYNYdaSVAjLAez3BSgTvbz+WCGL
AUP8aA5w42knattXYm3p6aimWvDIuVxNZDrPVsaSF3uukwkHZS1GpzhUNCaPaqTn
kNaIJ5j0R0wnTdV+T0N6I7Xhfg8zmgyGnkjhXTg+GMA5IdFAsJjsZ9SoC57x+vOt
qP0V1+qChV8NBoZ+tx1YC4KhLBv1hBdSaezpEbOZXqnRkrtxfwguTjknNMtrqoIB
i2B8y+qtFE8GqDWUoWWjs3JTH9aMEpE4rzDfzeHNUoJo8Ni7zh8=
=kyBI
-----END PGP SIGNATURE-----
Reply to: