
A pjproject security update has been released for Debian GNU/Linux 9 Extended LTS to address a buffer overflow vulnerability.



ELA-835-1 pjproject security update

Package : pjproject
Version : 2.5.5~dfsg-6+deb9u9 (stretch)

Related CVEs :
CVE-2023-27585

PJSIP is a free and open source multimedia communication library written in C.
A buffer overflow vulnerability affects applications that use the PJSIP DNS
resolver. It doesn’t affect PJSIP users who do not utilise the PJSIP DNS
resolver. This vulnerability is related to CVE-2022-24793. The difference is
that this issue is in parsing the query record, in parse_query(), while the
issue in CVE-2022-24793 is in parse_rr(). A workaround is to disable DNS
resolution in the PJSIP config (by setting nameserver_count to zero) or to use
an external resolver implementation instead.
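
The advisory does not show the parsing flaw itself. As an added illustration (not PJSIP code and not the upstream fix), this C example shows the bounds checks a DNS query-record parser needs before each read of the name, type and class fields; `parse_question`, `struct question` and `sample_q` are hypothetical names, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical result type for this example; not a PJSIP structure. */
struct question {
    uint16_t qtype, qclass;
    size_t   wire_len;              /* bytes the question occupies */
};

/* Constructed sample: question for "example.com", type A, class IN. */
const uint8_t sample_q[] = {
    7, 'e','x','a','m','p','l','e', 3, 'c','o','m', 0,
    0x00, 0x01, 0x00, 0x01
};

/* Parse one DNS question (QNAME, QTYPE, QCLASS) starting at pkt[off].
 * Returns 0 on success, -1 if the record is malformed or truncated.
 * Every read is preceded by a check against the packet length. */
int parse_question(const uint8_t *pkt, size_t len, size_t off,
                   struct question *out)
{
    size_t p = off;
    for (;;) {                          /* walk the labels of QNAME */
        if (p >= len)
            return -1;                  /* length byte out of bounds */
        uint8_t l = pkt[p];
        if ((l & 0xC0) == 0xC0) {       /* compression pointer, 2 bytes */
            if (len - p < 2)
                return -1;
            p += 2;
            break;
        }
        if (l & 0xC0)
            return -1;                  /* reserved label type */
        p += 1;
        if (l == 0)
            break;                      /* root label ends the name */
        if (len - p < l)
            return -1;                  /* label runs past the packet */
        p += l;
    }

    if (len - p < 4)                    /* QTYPE + QCLASS need 4 bytes */
        return -1;
    out->qtype    = (uint16_t)((pkt[p] << 8) | pkt[p + 1]);
    out->qclass   = (uint16_t)((pkt[p + 2] << 8) | pkt[p + 3]);
    out->wire_len = p + 4 - off;
    return 0;
}
```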
