Test ID:	1.3.6.1.4.1.25623.1.1.10.2021.0559
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2021-0559)
Summary:	The remote host is missing an update for the 'pjproject' package(s) announced via the MGASA-2021-0559 advisory.
Description:	Summary: The remote host is missing an update for the 'pjproject' package(s) announced via the MGASA-2021-0559 advisory. Vulnerability Insight: Updated pjproject packages fix security vulnerability: In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/ listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service (CVE-2021-32686). Affected Software/OS: 'pjproject' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-32686 https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr Debian Security Information: DSA-4999 (Google Search) https://www.debian.org/security/2021/dsa-4999 https://security.gentoo.org/glsa/202210-37 https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd https://github.com/pjsip/pjproject/pull/2716 https://github.com/pjsip/pjproject/releases/tag/2.11.1 https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.