Updated pjproject packages fix security vulnerability
Publication date: 19 Dec 2021Modification date: 19 Dec 2021
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-32686
Description
Updated pjproject packages fix security vulnerability: In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/ listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service (CVE-2021-32686).
References
SRPMS
8/core
- pjproject-2.10-5.3.mga8