Lucene search

DebianDEBIAN:DLA-898-1:E6AD5

HistoryApr 16, 2017 - 8:38 p.m.

[SECURITY] [DLA 898-1] libosip2 security update

2017-04-1620:38:13

lists.debian.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.004

Percentile

75.0%

JSON

Package : libosip2
Version : 3.6.0-4+deb7u1
CVE ID : CVE-2016-10324 CVE-2016-10325 CVE-2016-10326
CVE-2017-7853

CVE-2016-10324
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to
a heap buffer overflow in the osip_clrncpy() function defined in
osipparser2/osip_port.c.

CVE-2016-10325
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a
heap buffer overflow in the _osip_message_to_str() function defined
in osipparser2/osip_message_to_str.c, resulting in a remote DoS.

CVE-2016-10326
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to
a heap buffer overflow in the osip_body_to_str() function defined
in osipparser2/osip_body.c, resulting in a remote DoS.

CVE-2017-7853
In libosip2 in GNU oSIP 5.0.0, a malformed SIP message can lead to a
heap buffer overflow in the msg_osip_body_parse() function defined
in osipparser2/osip_message_parse.c, resulting in a remote DoS.

For Debian 7 "Wheezy", these problems have been fixed in version
3.6.0-4+deb7u1.

We recommend that you upgrade your libosip2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian8armellibosip2-11< 4.1.0-2+deb8u1libosip2-11_4.1.0-2+deb8u1_armel.deb
Debian7i386libosip2-dev< 3.6.0-4+deb7u1libosip2-dev_3.6.0-4+deb7u1_i386.deb
Debian8s390xlibosip2-dev< 4.1.0-2+deb8u1libosip2-dev_4.1.0-2+deb8u1_s390x.deb
Debian8kfreebsd-amd64libosip2-11< 4.1.0-2+deb8u1libosip2-11_4.1.0-2+deb8u1_kfreebsd-amd64.deb
Debian7armhflibosip2-dev< 3.6.0-4+deb7u1libosip2-dev_3.6.0-4+deb7u1_armhf.deb
Debian7armhflibosip2-7< 3.6.0-4+deb7u1libosip2-7_3.6.0-4+deb7u1_armhf.deb
Debian8arm64libosip2-11< 4.1.0-2+deb8u1libosip2-11_4.1.0-2+deb8u1_arm64.deb
Debian7alllibosip2< 3.6.0-4+deb7u1libosip2_3.6.0-4+deb7u1_all.deb
Debian8amd64libosip2-dev< 4.1.0-2+deb8u1libosip2-dev_4.1.0-2+deb8u1_amd64.deb
Debian8kfreebsd-amd64libosip2-dev< 4.1.0-2+deb8u1libosip2-dev_4.1.0-2+deb8u1_kfreebsd-amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	armel	libosip2-11	< 4.1.0-2+deb8u1	libosip2-11_4.1.0-2+deb8u1_armel.deb
Debian	7	i386	libosip2-dev	< 3.6.0-4+deb7u1	libosip2-dev_3.6.0-4+deb7u1_i386.deb
Debian	8	s390x	libosip2-dev	< 4.1.0-2+deb8u1	libosip2-dev_4.1.0-2+deb8u1_s390x.deb
Debian	8	kfreebsd-amd64	libosip2-11	< 4.1.0-2+deb8u1	libosip2-11_4.1.0-2+deb8u1_kfreebsd-amd64.deb
Debian	7	armhf	libosip2-dev	< 3.6.0-4+deb7u1	libosip2-dev_3.6.0-4+deb7u1_armhf.deb
Debian	7	armhf	libosip2-7	< 3.6.0-4+deb7u1	libosip2-7_3.6.0-4+deb7u1_armhf.deb
Debian	8	arm64	libosip2-11	< 4.1.0-2+deb8u1	libosip2-11_4.1.0-2+deb8u1_arm64.deb
Debian	7	all	libosip2	< 3.6.0-4+deb7u1	libosip2_3.6.0-4+deb7u1_all.deb
Debian	8	amd64	libosip2-dev	< 4.1.0-2+deb8u1	libosip2-dev_4.1.0-2+deb8u1_amd64.deb
Debian	8	kfreebsd-amd64	libosip2-dev	< 4.1.0-2+deb8u1	libosip2-dev_4.1.0-2+deb8u1_kfreebsd-amd64.deb