lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 9 Apr 2018 23:00:25 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4170-1] pjproject security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4170-1                   security@...ian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 09, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pjproject
CVE ID         : CVE-2017-16872 CVE-2017-16875 CVE-2018-1000098
                 CVE-2018-1000099

Multiple vulnerabilities have been discovered in the PJSIP/PJProject
multimedia communication which may result in denial of service during
the processing of SIP and SDP messages and ioqueue keys.

For the stable distribution (stretch), these problems have been fixed in
version 2.5.5~dfsg-6+deb9u1.

We recommend that you upgrade your pjproject packages.

For the detailed security status of pjproject please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pjproject

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlrL0/0ACgkQEMKTtsN8
Tjb24Q//Tf+mgNJCFCH34I3wEO59joHw6/pytj587BrFiC6tE91ueYf2gMvoFyGM
9t3o1XMKxox2AQdoDkLJ5AHRGWm2rfgpe0Udog/W9deAG/U6eISTs7roisB58O58
iQ32rHPCBUyqxvPC8fks3BXiBUDbNoRiYiXTpqzfN/Rj3T0s33HCeHgq/LJVM4f9
cbM70HlG3Nb6LRmtXkSUTOv0enblHy/Hi98YfO4xR02bY1bnQLePWPG2bcC0rpWs
c9DxboRsh949yCH+5YK/4XiW1zX96SFlriX+uB6OiiWfzvdl/O5iUDa1Ccf8BorM
lANbeMuhfpTYfMIKP2/MkDCUJpMqZQ53VTX0GYCD4QDd4olyNpvdXNzyg53GIeBW
y1SAeF3J4ygURQQKbLARbStLGWEuW5f8b8lu9Cp1dtS/iwFlHFEUAB+m8jDqtI9k
q4hDLgtaR3c9x+XNH63EgVrga7fHQ332sDfh4o6vItsfs1FjtPeM89kbq4Fh8PnE
GJXFmggtuXpezhrgPrUnJwhzkbxRpd804ulY464izTJRTMIUvv7CcRH31Kn58DwC
Mt8417Lgi0jEDMCEYCOZjXL62EOM84qTHpWHZ4sFsubIzf1DZY6mW7Yghz1LzqLm
7+k9DG+9etDaNvxrM5nkfaeMbpedVSymqikqC6a2/tP8xDBp38k=
=wjk0
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists