Updated libosip2 packages fix security vulnerabilities

2017-06-1416:50:35

Gentoo Foundation

advisories.mageia.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

75.0%

JSON

In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c (CVE-2016-10324). In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS (CVE-2016-10325). In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS (CVE-2016-10326). In libosip2 in GNU 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS (CVE-2017-7853).

OSVersionArchitecturePackageVersionFilename
Mageia5noarchlibosip2< 5.0.0-2libosip2-5.0.0-2.mga5
Mageia5noarchsiproxd< 0.8.1-14.3siproxd-0.8.1-14.3.mga5
Mageia5noarchexosip< 4.0.0-4.2exosip-4.0.0-4.2.mga5

OS	Version	Architecture	Package	Version	Filename
Mageia	5	noarch	libosip2	< 5.0.0-2	libosip2-5.0.0-2.mga5
Mageia	5	noarch	siproxd	< 0.8.1-14.3	siproxd-0.8.1-14.3.mga5
Mageia	5	noarch	exosip	< 4.0.0-4.2	exosip-4.0.0-4.2.mga5