Advisories » MGASA-2021-0336

Updated pjproject packages fix a security vulnerability

Publication date: 10 Jul 2021
Modification date: 10 Jul 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2021-21375

Description

An issue has been found in pjproject. Due to bad handling of two consecutive
crafted answers to an INVITE, the attacker is able to crash the server
resulting in a denial of service (CVE-2021-21375).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=28998
• https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
• https://www.debian.org/lts/security/2021/dla-2636
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21375

SRPMS

7/core

• pjproject-2.7.2-1.1.mga7