Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2021.0559
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2021-0559)
Zusammenfassung:	The remote host is missing an update for the 'pjproject' package(s) announced via the MGASA-2021-0559 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'pjproject' package(s) announced via the MGASA-2021-0559 advisory. Vulnerability Insight: Updated pjproject packages fix security vulnerability: In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/ listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service (CVE-2021-32686). Affected Software/OS: 'pjproject' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2021-32686 https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr Debian Security Information: DSA-4999 (Google Search) https://www.debian.org/security/2021/dsa-4999 https://security.gentoo.org/glsa/202210-37 https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd https://github.com/pjsip/pjproject/pull/2716 https://github.com/pjsip/pjproject/releases/tag/2.11.1 https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.