Mageia Advisory: MGASA-2021-0559 - Updated pjproject packages fix security vulnerability

Updated pjproject packages fix security vulnerability

Publication date: 19 Dec 2021
Modification date: 19 Dec 2021
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-32686

Description

Updated pjproject packages fix security vulnerability:

In PJSIP before version 2.11.1, there are a couple of issues found in the
SSL socket. First, a race condition between callback and destroy, due to
the accepted socket having no group lock. Second, the SSL socket parent/
listener may get destroyed during handshake. Both issues were reported to
happen intermittently in heavy load TLS connections. They cause a crash,
resulting in a denial of service (CVE-2021-32686).

References

https://bugs.mageia.org/show_bug.cgi?id=29317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686

SRPMS

8/core

pjproject-2.10-5.3.mga8

Advisories » MGASA-2021-0559

Updated pjproject packages fix security vulnerability

Description

References

SRPMS

8/core