Test ID:	1.3.6.1.4.1.25623.1.1.12.2023.6422.2
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-6422-2)
Summary:	The remote host is missing an update for the 'ring' package(s) announced via the USN-6422-2 advisory.
Description:	Summary: The remote host is missing an update for the 'ring' package(s) announced via the USN-6422-2 advisory. Vulnerability Insight: It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2021-37706) It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-27585) Original advisory details: It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2021-37706) It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302, CVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21723, CVE-2022-23537, CVE-2022-23547, CVE-2022-23608, CVE-2022-24754, CVE-2022-24763, CVE-2022-24764, CVE-2022-24793, CVE-2022-31031, CVE-2022-39244) It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-21722) It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-27585) Affected Software/OS: 'ring' package(s) on Ubuntu 23.10. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-37706 https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984 Debian Security Information: DSA-5285 (Google Search) https://www.debian.org/security/2022/dsa-5285 http://seclists.org/fulldisclosure/2022/Mar/0 https://security.gentoo.org/glsa/202210-37 http://packetstormsecurity.com/files/166225/Asterisk-Project-Security-Advisory-AST-2022-004.html https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865 https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html Common Vulnerability Exposure (CVE) ID: CVE-2023-27585 Debian Security Information: DSA-5438 (Google Search) https://www.debian.org/security/2023/dsa-5438 https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5 https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4 https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm https://lists.debian.org/debian-lts-announce/2023/04/msg00020.html
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.