Fedora Linux 8546 Published by

Updated baresip packages are available for Fedora Linux 38 and 39 to address a possible Denial of Service issue:

Fedora 38 Update: baresip-3.10.1-1.fc38
Fedora 39 Update: baresip-3.10.1-1.fc39




Fedora 38 Update: baresip-3.10.1-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a15fe3f120
2024-03-15 01:49:44.478283
--------------------------------------------------------------------------------

Name : baresip
Product : Fedora 38
Version : 3.10.1
Release : 1.fc38
URL : https://github.com/baresip/baresip
Summary : Modular SIP user-agent with audio and video support
Description :
A modular SIP user-agent with support for audio and video, and many IETF
standards such as SIP, SDP, RTP/RTCP and STUN/TURN/ICE for both, IPv4 and
IPv6.

Additional modules provide support for audio codecs like Codec2, G.711,
G.722, G.726, GSM, L16, MPA and Opus, audio drivers like ALSA, GStreamer,
JACK Audio Connection Kit, Portaudio, and PulseAudio, video codecs like
AV1, VP8 or VP9, video sources like Video4Linux, video outputs like SDL2
or X11, NAT traversal via STUN, TURN, ICE, and NAT-PMP, media encryption
via TLS, SRTP or DTLS-SRTP, management features like embedded web-server
with HTTP interface, command-line console and interface, and MQTT.

--------------------------------------------------------------------------------
Update Information:

Baresip v3.10.1 (2024-03-12)
Security Release (possible Denial of Service): A wrong or manipulated incoming
RTP Timestamp can cause the baresip process to hang forever, for details see:
#2954
aureceiver: fix mtx_unlock on discard
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 12 2024 Robert Scheck [robert@fedoraproject.org] 3.10.1-1
- Upgrade to 3.10.1 (#2269261)
* Mon Mar 11 2024 Robert Scheck [robert@fedoraproject.org] 3.10.0-2
- Added upstream patch to fix mtx_unlock on discard in aureceiver
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2269261 - baresip-3.10.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2269261
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a15fe3f120' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: baresip-3.10.1-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e34efa1300
2024-03-15 01:05:10.978707
--------------------------------------------------------------------------------

Name : baresip
Product : Fedora 39
Version : 3.10.1
Release : 1.fc39
URL : https://github.com/baresip/baresip
Summary : Modular SIP user-agent with audio and video support
Description :
A modular SIP user-agent with support for audio and video, and many IETF
standards such as SIP, SDP, RTP/RTCP and STUN/TURN/ICE for both, IPv4 and
IPv6.

Additional modules provide support for audio codecs like Codec2, G.711,
G.722, G.726, GSM, L16, MPA and Opus, audio drivers like ALSA, GStreamer,
JACK Audio Connection Kit, Portaudio, and PulseAudio, video codecs like
AV1, VP8 or VP9, video sources like Video4Linux, video outputs like SDL2
or X11, NAT traversal via STUN, TURN, ICE, and NAT-PMP, media encryption
via TLS, SRTP or DTLS-SRTP, management features like embedded web-server
with HTTP interface, command-line console and interface, and MQTT.

--------------------------------------------------------------------------------
Update Information:

Baresip v3.10.1 (2024-03-12)
Security Release (possible Denial of Service): A wrong or manipulated incoming
RTP Timestamp can cause the baresip process to hang forever, for details see:
#2954
aureceiver: fix mtx_unlock on discard
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 12 2024 Robert Scheck [robert@fedoraproject.org] 3.10.1-1
- Upgrade to 3.10.1 (#2269261)
* Mon Mar 11 2024 Robert Scheck [robert@fedoraproject.org] 3.10.0-2
- Added upstream patch to fix mtx_unlock on discard in aureceiver
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2269261 - baresip-3.10.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2269261
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e34efa1300' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--