MGASA-2021-0559

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0559.html

Import Source

https://advisories.mageia.org/MGASA-2021-0559.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2021-0559

Related

CVE-2021-32686

Published

2021-12-19T12:26:08Z

Modified

2021-12-19T11:48:17Z

Summary

Updated pjproject packages fix security vulnerability

Details

Updated pjproject packages fix security vulnerability:

In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/ listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service (CVE-2021-32686).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2021-0559

Affected packages