Debian dla-3887 : jami - security update

critical Nessus Plugin ID 207275

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3887 advisory.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3887-1
[email protected]
https://www.debian.org/lts/security/
Roberto C. Sánchez
September 14, 2024
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : ring
Version : 20210112.2.b757bac~ds1-1+deb11u1
CVE ID : CVE-2021-32686 CVE-2021-37706 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845 CVE-2022-21722 CVE-2022-21723 CVE-2022-23537 CVE-2022-23547 CVE-2022-23608 CVE-2022-24754 CVE-2022-24763 CVE-2022-24764 CVE-2022-24793 CVE-2022-31031 CVE-2022-39244 CVE-2023-27585

Multiple vulnerabilities were found to affect ring, a secure and distributed voice, video, and chat platform.

CVE-2021-32686

The embedded copy of pjproject is affected by this CVE.
A race condition exists between callback and destroy because the accepted socket has no group lock. Additionally, the SSL socket parent/listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy-load TLS connections. They cause a crash, resulting in a denial of service.

CVE-2021-37706

The embedded copy of pjproject is affected by this CVE.
If the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow. This issue affects all users that use STUN. A malicious actor located within the victim's network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim's machine.

CVE-2021-43299

The embedded copy of pjproject is affected by these CVEs.
An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.

CVE-2021-43300

The embedded copy of pjproject is affected by these CVEs.
An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.

CVE-2021-43301

The embedded copy of pjproject is affected by these CVEs.
An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.

CVE-2021-43302

The embedded copy of pjproject is affected by these CVEs.
An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.

CVE-2021-43303

The embedded copy of pjproject is affected by these CVEs.
An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.

CVE-2021-43804

The embedded copy of pjproject is affected by this CVE.
In affected versions, if the incoming RTCP BYE message contains a reason's length, this declared length is not checked against the actual received packet size, potentially resulting in an out-of-bound read access.

CVE-2021-43845

The embedded copy of pjproject is affected by this CVE.
If an incoming RTCP XR message contains a block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access.

CVE-2022-21722

The embedded copy of pjproject is affected by this CVE.
There are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access.

CVE-2022-21723

The embedded copy of pjproject is affected by this CVE.
Parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access.

CVE-2022-23537

The embedded copy of pjproject is affected by this CVE.
Buffer overread is possible when parsing a specially crafted STUN message with an unknown attribute.

CVE-2022-23547

The embedded copy of pjproject is affected by this CVE.
Possible buffer overread when parsing a certain STUN message.

CVE-2022-23608

The embedded copy of pjproject is affected by this CVE.
In a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed. The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys), leading to undefined behavior such as dialog list collision, which eventually leads to an endless loop.

CVE-2022-24754

The embedded copy of pjproject is affected by this CVE.
There is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`).

CVE-2022-24763

The embedded copy of pjproject is affected by this CVE.
A denial-of-service vulnerability affects PJSIP users that consume PJSIP's XML parsing in their apps.

CVE-2022-24764

The embedded copy of pjproject is affected by this CVE.
A stack buffer overflow vulnerability affects PJSUA2 users or users that call the API `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()`.

CVE-2022-24793

The embedded copy of pjproject is affected by this CVE.
A buffer overflow vulnerability affects applications that use PJSIP DNS resolution.

CVE-2022-31031

The embedded copy of pjproject is affected by this CVE.
A stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API.

CVE-2022-39244

The embedded copy of pjproject is affected by this CVE.
The PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affected by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk.

CVE-2023-27585

The embedded copy of pjproject is affected by this CVE.
A buffer overflow vulnerability affects applications that use PJSIP DNS resolver.

For Debian 11 bullseye, these problems have been fixed in version 20210112.2.b757bac~ds1-1+deb11u1.

We recommend that you upgrade your ring packages.

For the detailed security status of ring please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/ring

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the jami packages.

See Also

https://security-tracker.debian.org/tracker/source-package/ring

https://security-tracker.debian.org/tracker/CVE-2021-32686

https://security-tracker.debian.org/tracker/CVE-2021-37706

https://security-tracker.debian.org/tracker/CVE-2021-43299

https://security-tracker.debian.org/tracker/CVE-2021-43300

https://security-tracker.debian.org/tracker/CVE-2021-43301

https://security-tracker.debian.org/tracker/CVE-2021-43302

https://security-tracker.debian.org/tracker/CVE-2021-43303

https://security-tracker.debian.org/tracker/CVE-2021-43804

https://security-tracker.debian.org/tracker/CVE-2021-43845

https://security-tracker.debian.org/tracker/CVE-2022-21722

https://security-tracker.debian.org/tracker/CVE-2022-21723

https://security-tracker.debian.org/tracker/CVE-2022-23537

https://security-tracker.debian.org/tracker/CVE-2022-23547

https://security-tracker.debian.org/tracker/CVE-2022-23608

https://security-tracker.debian.org/tracker/CVE-2022-24754

https://security-tracker.debian.org/tracker/CVE-2022-24763

https://security-tracker.debian.org/tracker/CVE-2022-24764

https://security-tracker.debian.org/tracker/CVE-2022-24793

https://security-tracker.debian.org/tracker/CVE-2022-31031

https://security-tracker.debian.org/tracker/CVE-2022-39244

https://security-tracker.debian.org/tracker/CVE-2023-27585

https://packages.debian.org/source/bullseye/ring

Plugin Details

Severity: Critical

ID: 207275

File Name: debian_DLA-3887.nasl

Version: 1.1

Type: local

Agent: unix

Published: 9/15/2024

Updated: 9/15/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-37706

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-39244

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:jami-daemon, p-cpe:/a:debian:debian_linux:jami

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/14/2024

Vulnerability Publication Date: 7/23/2021

Reference Information

CVE: CVE-2021-32686, CVE-2021-37706, CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302, CVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21722, CVE-2022-21723, CVE-2022-23537, CVE-2022-23547, CVE-2022-23608, CVE-2022-24754, CVE-2022-24763, CVE-2022-24764, CVE-2022-24793, CVE-2022-31031, CVE-2022-39244, CVE-2023-27585