PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using pjlib-util/stun_simple
API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "20180228.1.503da2b~ds1-1ubuntu0.1~esm1", "binary_name": "ring" }, { "binary_version": "20180228.1.503da2b~ds1-1ubuntu0.1~esm1", "binary_name": "ring-daemon" }, { "binary_version": "20180228.1.503da2b~ds1-1ubuntu0.1~esm1", "binary_name": "ring-daemon-dbgsym" }, { "binary_version": "20180228.1.503da2b~ds1-1ubuntu0.1~esm1", "binary_name": "ring-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1", "binary_name": "jami" }, { "binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1", "binary_name": "jami-daemon" }, { "binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1", "binary_name": "jami-daemon-dbgsym" }, { "binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1", "binary_name": "jami-dbgsym" }, { "binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1", "binary_name": "ring" }, { "binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1", "binary_name": "ring-daemon" } ] }