ELA-835-1 pjproject security update
Package : pjproject
ELA-835-1 pjproject security update
Version : 2.5.5~dfsg-6+deb9u9 (stretch)
Related CVEs :
CVE-2023-27585
PJSIP is a free and open source multimedia communication library written in C.
A buffer overflow vulnerability affects applications that use PJSIP DNS
resolver. It doesn’t affect PJSIP users who do not utilise PJSIP DNS resolver.
This vulnerability is related to CVE-2022-24793. The difference is that this
issue is in parsing the query record parse_query(), while the issue in
CVE-2022-24793 is in parse_rr(). A workaround is to disable DNS resolution in
PJSIP config (by setting nameserver_count to zero) or use an external
resolver implementation instead.
A pjproject security update has been released for Debian GNU/Linux 9 Extended LTS to address a buffer overflow vulnerability.