Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6422-1

Ubuntu Security Notice 6422-1 - It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Packet Storm
#vulnerability#ubuntu#dos
==========================================================================Ubuntu Security Notice USN-6422-1October 09, 2023ring vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.04- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in Ring.Software Description:- ring: Secure and distributed voice, video, and chat platformDetails:It was discovered that Ring incorrectly handled certain inputs. If a user oran automated system were tricked into opening a specially crafted input file,a remote attacker could possibly use this issue to execute arbitrary code.(CVE-2021-37706)It was discovered that Ring incorrectly handled certain inputs. If a user oran automated system were tricked into opening a specially crafted input file,a remote attacker could possibly use this issue to cause a denial of service.This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.(CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302,CVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21723,CVE-2022-23537, CVE-2022-23547, CVE-2022-23608, CVE-2022-24754,CVE-2022-24763, CVE-2022-24764, CVE-2022-24793, CVE-2022-31031,CVE-2022-39244)It was discovered that Ring incorrectly handled certain inputs. If a user oran automated system were tricked into opening a specially crafted input file,a remote attacker could possibly use this issue to cause a denial of service.This issue only affected Ubuntu 20.04 LTS. (CVE-2022-21722)It was discovered that Ring incorrectly handled certain inputs. If a user oran automated system were tricked into opening a specially crafted input file,a remote attacker could possibly use this issue to cause a denial of service.(CVE-2023-27585)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.04:   jami                            20230206.0~ds1-5ubuntu0.1   jami-daemon                     20230206.0~ds1-5ubuntu0.1Ubuntu 20.04 LTS:   jami                            20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1   jami-daemon                     20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1   ring                            20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1   ring-daemon                     20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1Ubuntu 18.04 LTS (Available with Ubuntu Pro):   ring                            20180228.1.503da2b~ds1-1ubuntu0.1~esm1   ring-daemon                     20180228.1.503da2b~ds1-1ubuntu0.1~esm1In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6422-1   CVE-2021-37706, CVE-2021-43299, CVE-2021-43300, CVE-2021-43301,   CVE-2021-43302, CVE-2021-43303, CVE-2021-43804, CVE-2021-43845,   CVE-2022-21722, CVE-2022-21723, CVE-2022-23537, CVE-2022-23547,   CVE-2022-23608, CVE-2022-24754, CVE-2022-24763, CVE-2022-24764,   CVE-2022-24793, CVE-2022-31031, CVE-2022-39244, CVE-2023-27585Package Information:   https://launchpad.net/ubuntu/+source/ring/20230206.0~ds1-5ubuntu0.1 https://launchpad.net/ubuntu/+source/ring/20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1

Related news

Ubuntu Security Notice USN-6422-2

Ubuntu Security Notice 6422-2 - It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Debian Security Advisory 5438-1

Debian Linux Security Advisory 5438-1 - A flaw was found in Asterisk, an Open Source Private Branch Exchange. A buffer overflow vulnerability affects users that use PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record parse_query(), while the issue in CVE-2022-24793 is in parse_rr(). A workaround is to disable DNS resolution in PJSIP config (by setting nameserver_count to zero) or use an external resolver implementation instead.

Debian Security Advisory 5438-1

Debian Linux Security Advisory 5438-1 - A flaw was found in Asterisk, an Open Source Private Branch Exchange. A buffer overflow vulnerability affects users that use PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record parse_query(), while the issue in CVE-2022-24793 is in parse_rr(). A workaround is to disable DNS resolution in PJSIP config (by setting nameserver_count to zero) or use an external resolver implementation instead.

CVE-2023-27585: Merge pull request from GHSA-q9cp-8wcq-7pfr · pjsip/pjproject@d1c5e4d

PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead.

Debian Security Advisory 5358-1

Debian Linux Security Advisory 5358-1 - Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for launching a denial of service attack or the execution of arbitrary code.

Debian Security Advisory 5358-1

Debian Linux Security Advisory 5358-1 - Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for launching a denial of service attack or the execution of arbitrary code.

Debian Security Advisory 5358-1

Debian Linux Security Advisory 5358-1 - Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for launching a denial of service attack or the execution of arbitrary code.

Debian Security Advisory 5358-1

Debian Linux Security Advisory 5358-1 - Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for launching a denial of service attack or the execution of arbitrary code.

CVE-2022-23547: Heap buffer overflow when decoding STUN message (2)

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch.

CVE-2022-23537: Heap buffer overflow when decoding STUN message

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).

Debian Security Advisory 5285-1

Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.

Debian Security Advisory 5285-1

Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.

Debian Security Advisory 5285-1

Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.

Debian Security Advisory 5285-1

Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.

Debian Security Advisory 5285-1

Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.

Debian Security Advisory 5285-1

Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.

Debian Security Advisory 5285-1

Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.

Debian Security Advisory 5285-1

Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.

Debian Security Advisory 5285-1

Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.

Debian Security Advisory 5285-1

Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.

Debian Security Advisory 5285-1

Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.

Debian Security Advisory 5285-1

Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.

Debian Security Advisory 5285-1

Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.

Debian Security Advisory 5285-1

Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.

Gentoo Linux Security Advisory 202210-37

Gentoo Linux Security Advisory 202210-37 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. Versions less than 2.12.1 are affected.

Gentoo Linux Security Advisory 202210-37

Gentoo Linux Security Advisory 202210-37 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. Versions less than 2.12.1 are affected.

Gentoo Linux Security Advisory 202210-37

Gentoo Linux Security Advisory 202210-37 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. Versions less than 2.12.1 are affected.

Gentoo Linux Security Advisory 202210-37

Gentoo Linux Security Advisory 202210-37 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. Versions less than 2.12.1 are affected.

Gentoo Linux Security Advisory 202210-37

Gentoo Linux Security Advisory 202210-37 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. Versions less than 2.12.1 are affected.

Gentoo Linux Security Advisory 202210-37

Gentoo Linux Security Advisory 202210-37 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. Versions less than 2.12.1 are affected.

Gentoo Linux Security Advisory 202210-37

Gentoo Linux Security Advisory 202210-37 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. Versions less than 2.12.1 are affected.

Gentoo Linux Security Advisory 202210-37

Gentoo Linux Security Advisory 202210-37 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. Versions less than 2.12.1 are affected.

Gentoo Linux Security Advisory 202210-37

Gentoo Linux Security Advisory 202210-37 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. Versions less than 2.12.1 are affected.

Gentoo Linux Security Advisory 202210-37

Gentoo Linux Security Advisory 202210-37 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. Versions less than 2.12.1 are affected.

Gentoo Linux Security Advisory 202210-37

Gentoo Linux Security Advisory 202210-37 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. Versions less than 2.12.1 are affected.

Gentoo Linux Security Advisory 202210-37

Gentoo Linux Security Advisory 202210-37 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. Versions less than 2.12.1 are affected.

CVE-2022-39244: Merge pull request from GHSA-fq45-m3f7-3mhj · pjsip/pjproject@c4d3498

PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue.

CVE-2022-31031: Merge pull request from GHSA-26j7-ww69-c4qj · pjsip/pjproject@450baca

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue.

CVE-2022-24793: Merge pull request from GHSA-p6g5-v97c-w5q4 · pjsip/pjproject@9fae8f4

PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that uses PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead.

CVE-2022-24763: Denial-of-service in XML parsing due to an infinite loop

PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds.

CVE-2022-24764: Merge pull request from GHSA-f5qg-pqcg-765m · pjsip/pjproject@560a134

PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.

CVE-2022-24754: Use PJ_ASSERT_RETURN() on pjsip_auth_create_digest() and pjsua_init_t… · pjsip/pjproject@d27f79d

PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP.

CVE-2022-23608: Use after free of dialog set

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.

CVE-2021-43302

Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters.

CVE-2022-21723: Prevent OOB read in multipart parsing

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds.

CVE-2022-21722

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds.

CVE-2021-43845: Merge pull request from GHSA-r374-qrwv-86hh · pjsip/pjproject@f74c1fc

PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an invalid packet size.

CVE-2021-43804: Potential out-of-bounds read when parsing RTCP BYE message

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming RTCP BYE message contains a reason's length, this declared length is not checked against the actual received packet size, potentially resulting in an out-of-bound read access. This issue affects all users that use PJMEDIA and RTCP. A malicious actor can send a RTCP BYE message with an invalid reason length. Users are advised to upgrade as soon as possible. There are no known workarounds.

CVE-2021-37706: Potential integer underflow upon receiving STUN message

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds.

Packet Storm: Latest News

Ubuntu Security Notice USN-7089-6