Login
Newsletter
Werbung
Sicherheit: Denial of Service in baresip
Aktuelle Meldungen Distributionen
Name: Denial of Service in baresip
ID: FEDORA-2024-a63e807450
Distribution: Fedora
Plattformen: Fedora 40
Datum: Sa, 23. März 2024, 07:21
Referenzen: https://bugzilla.redhat.com/show_bug.cgi?id=2268424
https://bugzilla.redhat.com/show_bug.cgi?id=2268236
https://bugzilla.redhat.com/show_bug.cgi?id=2269261
Applikationen: baresip

Originalnachricht

 
-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2024-a63e807450
2024-03-23 00:20:56.400411
-------------------------------------------------------------------------------
-

Name        : baresip
Product     : Fedora 40
Version     : 3.10.1
Release     : 1.fc40
URL         : https://github.com/baresip/baresip
Summary     : Modular SIP user-agent with audio and video support
Description :
A modular SIP user-agent with support for audio and video, and many IETF
standards such as SIP, SDP, RTP/RTCP and STUN/TURN/ICE for both, IPv4 and
IPv6.

Additional modules provide support for audio codecs like Codec2, G.711,
G.722, G.726, GSM, L16, MPA and Opus, audio drivers like ALSA, GStreamer,
JACK Audio Connection Kit, Portaudio, and PulseAudio, video codecs like
AV1, VP8 or VP9, video sources like Video4Linux, video outputs like SDL2
or X11, NAT traversal via STUN, TURN, ICE, and NAT-PMP, media encryption
via TLS, SRTP or DTLS-SRTP, management features like embedded web-server
with HTTP interface, command-line console and interface, and MQTT.

-------------------------------------------------------------------------------
-
Update Information:

Baresip v3.10.1 (2024-03-12)
Security Release (possible Denial of Service): A wrong or manipulated incoming
RTP Timestamp can cause the baresip process to hang forever, for details see:
#2954
aureceiver: fix mtx_unlock on discard
Baresip v3.10.0 (2024-03-06)
cmake: use default value for CMAKE_C_EXTENSIONS
cmake: add /usr/{local,}/include/re and /usr/{local,}/lib{64,} to FindRE.cmake
test/main: fix NULL pointer arg on err
ci: add Fedora workflow to avoid e.g. rpath issues
mediatrack/start: add audio_decoder_set
config: support distribution-specific/default CA paths
readme: cosmetic changes
ci/fedora: fix dependency
config: add default CA path for Android
transp,tls: add TLS client verification
account,message,ua: secure incoming SIP MESSAGEs
aufile: avoid race condition in case of fast destruction
aufile: join thread if write fails
video: add video_req_keyframe api
call: start streams in sipsess_estab_handler
webrtc: add av1 codec
cmake: fix relative source dir find paths
echo: fix re_snprintf pointer ARG
cmake: Add include PATH so that GST is found also on Debian 11
call: improve glare handling
call: set estdir in call_set_media_direction
audio,aur: start audio player after early-video
ctrl_dbus: add busctl example to module documentation
debian: bump to v3.9.0
release v3.10.0
libre v3.10.0 (2024-03-06)
transp: deref qent only if qentp is not set
sipsess: fix doxygen comments
aufile: fix doxygen comment
ci/codeql: bump action v3
misc: text2pcap helpers (RTP/RTCP capturing)
ci/mingw: bump upload/download-artifact and cache versions
transp,tls: add TLS client verification
fmt/text2pcap: cleanup
ci/android: cache openssl build
ci/misc: fix double push/pull runs
fmt/text2pcap: fix coverity return value warning
sipsess/listen: improve glare handling
conf: add conf_get_i32
debian: bump version v3.9.0
sip/transp: reset tcp timeout on websocket receive
release v3.10.0
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Mar 12 2024 Robert Scheck <robert@fedoraproject.org> 3.10.1-1
- Upgrade to 3.10.1 (#2269261)
* Mon Mar 11 2024 Robert Scheck <robert@fedoraproject.org> 3.10.0-2
- Added upstream patch to fix mtx_unlock on discard in aureceiver
* Sun Mar 10 2024 Robert Scheck <robert@fedoraproject.org> 3.10.0-1
- Upgrade to 3.10.0 (#2268424)
-------------------------------------------------------------------------------
-
References:

  [ 1 ] Bug #2268236 - libre-3.10.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2268236
  [ 2 ] Bug #2268424 - baresip-3.10.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2268424
  [ 3 ] Bug #2269261 - baresip-3.10.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2269261
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a63e807450' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
--
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung