Fedora 40 : baresip / libre (2024-a63e807450)

high Nessus Plugin ID 194527

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-a63e807450 advisory.

# Baresip v3.10.1 (2024-03-12)

Security Release (possible Denial of Service): A wrong or manipulated incoming RTP Timestamp can cause the baresip process to hang forever, for details see: [#2954](https://github.com/baresip/baresip/issues/2954)

- aureceiver: fix mtx_unlock on discard

# Baresip v3.10.0 (2024-03-06)

- cmake: use default value for `CMAKE_C_EXTENSIONS`
- cmake: add `/usr/{local,}/include/re` and `/usr/{local,}/lib{64,}` to `FindRE.cmake`
- test/main: fix `NULL` pointer arg on err
- ci: add Fedora workflow to avoid e.g. rpath issues
- mediatrack/start: add `audio_decoder_set`
- config: support distribution-specific/default CA paths
- readme: cosmetic changes
- ci/fedora: fix dependency
- config: add default CA path for Android
- transp,tls: add TLS client verification
- account,message,ua: secure incoming SIP MESSAGEs
- aufile: avoid race condition in case of fast destruction
- aufile: join thread if write fails
- video: add `video_req_keyframe` api
- call: start streams in `sipsess_estab_handler`
- webrtc: add av1 codec
- cmake: fix relative source dir find paths
- echo: fix `re_snprintf` pointer ARG
- cmake: Add include PATH so that GST is found also on Debian 11
- call: improve glare handling
- call: set estdir in `call_set_media_direction`
- audio,aur: start audio player after early-video
- ctrl_dbus: add busctl example to module documentation
- debian: bump to v3.9.0
- release v3.10.0

# libre v3.10.0 (2024-03-06)

- transp: deref `qent` only if `qentp` is not set
- sipsess: fix doxygen comments
- aufile: fix doxygen comment
- ci/codeql: bump action v3
- misc: text2pcap helpers (RTP/RTCP capturing)
- ci/mingw: bump upload/download-artifact and cache versions
- transp,tls: add TLS client verification
- fmt/text2pcap: cleanup
- ci/android: cache openssl build
- ci/misc: fix double push/pull runs
- fmt/text2pcap: fix coverity return value warning
- sipsess/listen: improve glare handling
- conf: add `conf_get_i32`
- debian: bump version v3.9.0
- sip/transp: reset tcp timeout on websocket receive
- release v3.10.0

(FEDORA-2024-a63e807450)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected baresip and / or libre packages.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2024-a63e807450

Plugin Details

Severity: High

ID: 194527

File Name: fedora_2024-a63e807450.nasl

Version: 1.0

Type: local

Agent: unix

Published: 4/29/2024

Updated: 4/29/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:40, p-cpe:/a:fedoraproject:fedora:baresip, p-cpe:/a:fedoraproject:fedora:libre

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/10/2024

Vulnerability Publication Date: 3/10/2024

Reference Information