—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.1790
ring security update
24 May 2021
===========================================================================
AusCERT Security Bulletin Summary
———————————
Product: ring
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Denial of Service — Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-21375
Reference: ESB-2021.1396
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2021/05/msg00020.html
– ————————–BEGIN INCLUDED TEXT——————–
– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
– – ————————————————————————-
Debian LTS Advisory DLA-2665-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
May 23, 2021 https://wiki.debian.org/LTS
– – ————————————————————————-
Package : ring
Version : 20161221.2.7bd7d91~dfsg1-1+deb9u1
CVE ID : CVE-2021-21375
An issue has been found in ring, a secure and distributed voice, video and
chat platform. Actually the embedded copy of pjproject is affected by this
CVE.
Due to bad handling of two consecutive crafted answers to an INVITE, the
attacker is able to crash the server resulting in a denial of service.
For Debian 9 stretch, this problem has been fixed in version
20161221.2.7bd7d91~dfsg1-1+deb9u1.
We recommend that you upgrade your ring packages.
For the detailed security status of ring please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ring
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
– —–BEGIN PGP SIGNATURE—–
iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmCqaKtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeTfQ//TA/OkWOAXn1K3nBtM7qpsmJhUjPHHRhQF8PTw27cnPgmcoXLKXjdtK8q
i0qmb8DnV2aOmum866X4Po8CzYCZIsVOvlyDEkbyx3dV32oBK8w6i6Ka7Nfp8WeF
TEI2we6iL+Hk83Y2E4sgkfyPYGsLxq+oSQOE9vtphYDbQnUTf3K9WFz4s04/1vB3
vaxJzGQPaWTqa/ukHpKaW3VJAO+n+X2oUpOpbObTLMzKMIF+hYwqKDRYMNGz1Bbp
c/buYBwseQy9DRTg0dvg+9BI02IhtZ64wkiSsYwserwgH0gEm8Kkg4g0oza8PUCx
oeL9P1cw2wj2UpCXm2Ckd5xqbKHhIgcsu75HG5mQVcfQslnH+T44+O8x1uOribLU
fTFDEiDoiFOADSCSDuSYcxwXBNu5pmBQN3EMY+4tPvdphuBLJYYc6bhZceL+aJ4s
lpLHAnW9icFUZH3qAl2t6bldFFbx+6jTTgPaiwx28GJVJHN4Hv3fJPUaGib5/nLL
/b9fYszhKAgdY/cXI7oCOQXkf6emv1NFh33e7vOTSjYDZBuyDNg0jV9WjiXSHhgR
9rQWUsLcztAWRc7lz8E7QOn5YmjGkZ2kQNSU0qD+pmqhybJ+taJD+tbtaTBJhjBG
Bb5MBfrdvfoybL9zxFfYBIwZ5CnLsC9/dxoziwsJwdk6SCpPA58=
=1l+j
– —–END PGP SIGNATURE—–
– ————————–END INCLUDED TEXT——————–
You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYKsUgeNLKJtyKPYoAQgjIQ/+PTg8gv5Zrv6UZqzyReZZI0svjReVQIhd
vXCGH1iGe1sW5/KGJ06WLIoyWcxg/viKk88MWF+i4tg7XC/dttKUPcMRDq+YonER
Pv2SIhCftQvHB75d0QWICGdH6AC7Iij3L3Z0tOHgJGjBeXpWzTZdlMjStQebixDd
7eW478ZnPHJw5lrKNG2E/pPrZ3B1VVk3aUXOl3ld/fMe63FF65r5/iDbKMHokGUH
8J0ZeVJoErqoBvqGW9rqyqg5bxYU6cu6OasAzkxxu0U2wvr7e4+TcRGa2Tz/8Qw0
ojO6j1ipu8wjsGyt7H94AI/L0tR6KO1OvPMmssP1JhM13DORGwouS9I2Tr9MdiTq
ePdvsgo3GEN8nGqxapnAvj+FEeEHs3f5T1zsNfSs+MXAD95dInG2WHxGBbmmlYhf
246LJpAWiiCY5SghZt5bXrBJohP6YkqipyQnON9Qlf9yMgMt7sxEmLgrhQqkTQp/
qeh47OFCfUx24kN57o9onXD0dxno9OEFUl5iugDN4VNerzPxjecmqkxrlSldL0Lq
dSL84AxWd1/dTVmnyWP2RDmI1gwCGOgVeitL5D6FJK4kZ5mL4LQNCJt1KW55AfWm
dTcNLSRF9Seb0j2U45cT0ZgGjMg3pIHEhxr7YPwknR0LJbPfY4C7eHJM94jXCgL/
JuhxF2uuLIk=
=IPYi
—–END PGP SIGNATURE—–
The post ESB-2021.1790 – [Debian] ring: Denial of service – Remote with user interaction appeared first on Malware Devil.
https://malwaredevil.com/2021/05/24/esb-2021-1790-debian-ring-denial-of-service-remote-with-user-interaction/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1790-debian-ring-denial-of-service-remote-with-user-interaction
No comments:
Post a Comment