Sicherheit: Denial of Service in baresip

Lesezeichen hinzufügen

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2024-e34efa1300
2024-03-15 01:05:10.978707
-------------------------------------------------------------------------------
-

Name : baresip
Product : Fedora 39
Version : 3.10.1
Release : 1.fc39
URL : https://github.com/baresip/baresip
Summary : Modular SIP user-agent with audio and video support
Description :
A modular SIP user-agent with support for audio and video, and many IETF
standards such as SIP, SDP, RTP/RTCP and STUN/TURN/ICE for both, IPv4 and
IPv6.

Additional modules provide support for audio codecs like Codec2, G.711,
G.722, G.726, GSM, L16, MPA and Opus, audio drivers like ALSA, GStreamer,
JACK Audio Connection Kit, Portaudio, and PulseAudio, video codecs like
AV1, VP8 or VP9, video sources like Video4Linux, video outputs like SDL2
or X11, NAT traversal via STUN, TURN, ICE, and NAT-PMP, media encryption
via TLS, SRTP or DTLS-SRTP, management features like embedded web-server
with HTTP interface, command-line console and interface, and MQTT.

-------------------------------------------------------------------------------
-
Update Information:

Baresip v3.10.1 (2024-03-12)
Security Release (possible Denial of Service): A wrong or manipulated incoming
RTP Timestamp can cause the baresip process to hang forever, for details see:
#2954
aureceiver: fix mtx_unlock on discard
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Mar 12 2024 Robert Scheck <robert@fedoraproject.org> 3.10.1-1
- Upgrade to 3.10.1 (#2269261)
* Mon Mar 11 2024 Robert Scheck <robert@fedoraproject.org> 3.10.0-2
- Added upstream patch to fix mtx_unlock on discard in aureceiver
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #2269261 - baresip-3.10.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2269261
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e34efa1300' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
--
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue