-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.0013
                        resiprocate security update
                              4 January 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           resiprocate
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-12584 CVE-2017-11521 

Reference:         ESB-2018.2146

Original Bulletin: 
   https://www.debian.org/lts/security/2021/dla-2865

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2865-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
December 29, 2021                             https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : resiprocate
Version        : 1:1.11.0~beta1-3+deb9u2
CVE ID         : CVE-2017-11521 CVE-2018-12584
Debian Bug     : 869404 905495

Two vulnerabilities were fixed in the reSIProcate SIP stack.

CVE-2017-11521

    The SdpContents::Session::Medium::parse function allowed remote 
    attackers to cause a denial of service.

CVE-2018-12584

    The ConnectionBase::preparseNewBytes function allowed remote 
    attackers to cause a denial of service or possibly execute arbitrary 
    code when TLS communication is enabled.

For Debian 9 stretch, these problems have been fixed in version
1:1.11.0~beta1-3+deb9u2.

We recommend that you upgrade your resiprocate packages.

For the detailed security status of resiprocate please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/resiprocate

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
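
To check hosts against the fixed version named in the advisory, the comparison has to follow Debian's version ordering (epoch, `~` sorting before everything, digit runs compared as numbers) rather than plain string order. The sketch below is an added example, not part of the Debian or AusCERT text; the function names and the sample inventory are constructed for illustration, and the fixed version applies to Debian 9 stretch only.

```python
import re

# Fixed version for Debian 9 stretch, taken from the advisory text.
FIXED = "1:1.11.0~beta1-3+deb9u2"

def _order(c):
    """Weight of one character in a non-digit run (dpkg ordering)."""
    if c == "~":
        return -1                     # '~' sorts before everything, even end of run
    if c == "":
        return 0                      # end of run
    return ord(c) if c.isalpha() else ord(c) + 256   # letters before punctuation

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings; <0, 0 or >0."""
    while a or b:
        na, a = re.match(r"(\D*)(.*)", a).groups()
        nb, b = re.match(r"(\D*)(.*)", b).groups()
        for k in range(max(len(na), len(nb))):
            diff = _order(na[k:k + 1]) - _order(nb[k:k + 1])
            if diff:
                return diff
        da, a = re.match(r"(\d*)(.*)", a).groups()
        db, b = re.match(r"(\d*)(.*)", b).groups()
        diff = int(da or 0) - int(db or 0)   # digit runs compare as numbers
        if diff:
            return diff
    return 0

def _split(v):
    """Split 'epoch:upstream-revision'; epoch defaults to 0, revision to ''."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, rev = rest.rpartition("-")
    if not sep:
        upstream, rev = rest, ""
    return int(epoch), upstream, rev

def deb_cmp(a, b):
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_upgrade(inventory, fixed=FIXED):
    """Return the hosts whose installed version sorts before the fixed one."""
    return sorted(h for h, v in inventory.items() if deb_cmp(v, fixed) < 0)

# Constructed sample inventory: host name -> installed resiprocate version.
SAMPLE = {
    "sip-a": "1:1.11.0~beta1-3+deb9u1",   # constructed: one update behind
    "sip-b": "1:1.11.0~beta1-3+deb9u2",   # the fixed version
    "sip-c": "2.0.0-1",                   # no epoch, so it sorts before 1:...
    "sip-d": "1:1.11.0-1",                # final release sorts after ~beta1
}
```

On a single Debian host, `dpkg --compare-versions` applies the same ordering to the locally installed version.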

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----