Gentoo alert 202407-10 (Sofia-SIP)
| From: | glsamaker@gentoo.org | |
| To: | gentoo-announce@lists.gentoo.org | |
| Subject: | [gentoo-announce] [ GLSA 202407-10 ] Sofia-SIP: Multiple Vulnerabilities | |
| Date: | Fri, 05 Jul 2024 06:02:35 -0000 | |
| Message-ID: | <172015935530.7.7624883669722166775@3f85d36892cf> |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202407-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Sofia-SIP: Multiple Vulnerabilities Date: July 05, 2024 Bugs: #891791 ID: 202407-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Sofia-SIP, the worst of which can lead to remote code execution. Background ========== Sofia-SIP is an RFC3261 compliant SIP User-Agent library. Affected packages ================= Package Vulnerable Unaffected ------------------ ------------ ------------ net-libs/sofia-sip < 1.13.16 Vulnerable! Description =========== Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE identifiers referenced below for details. Impact ====== Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== Gentoo has discontinued support for the Sofia-SIP package. We recommend that users unmerge it: # emerge --ask --depclean "net-libs/sofia-sip" References ========== [ 1 ] CVE-2023-22741 https://nvd.nist.gov/vuln/detail/CVE-2023-22741 [ 2 ] CVE-2023-32307 https://nvd.nist.gov/vuln/detail/CVE-2023-32307 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202407-10 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmaHjHsACgkQFMQkOaVy +9neFw//Rtl0fGz5GB7TXC1DRLReIvuhvPqj90JI5wGpCSsS9Khp/2UpjDkknHcU zwWAKiopCjU3BOn1VolfRnDEU2I4VgZ4/dPX8WHe8OcA6j0eJqyL/WY9m720HrLp q8QbAYduwA1tKUeoLkpV5KXBiwmx5VDBasAP0HDP6RqqBoDHa3dUYgbYnxZv8T1H vqzfXgQK3zz5b8LrlCyCiPnxUJQcPLPAsRMHXSurVU20Zx6c2wcllODJv9M9UGa6 nxYls4PV5y7CzJUikyW8vPGtIhMs43un6GPCUidT+5zYOyzTPWPvbsblQg1IHVK2 xgwU+nr6nZ2ayqtdv+snNoqlNz2NjhuATfh6ONUQnYHkFxKSPHRJJtIaGrLOjb2Z 33Ds3c3Tp9e9g4Q+StyW5tp3dPjqsSm2uow2YUYQ1Y7XcFKbLVaKCPKx1B0EQuvC AvHkJwdyNweigYshWihRq06eVueBxIUwy2EI2u2HvT5yYIWA4EWBJvCi5p+9760h egXavCxbyMYuzxi/QXVJVtk/PmA6Jhza4JqwP+c6bCxRATRwmEj6H+oITFuhaUKM a2O9gdkPwAHbUxXE2CnaFDZlX0dOLiygUtkx/XpZthQ1QDSQnwwx635ZEYUjysgB DljnewXzwm9MXPxgm/O9+mZGTpv/PjQ/IUug0uQN5jf9GbJUU3o= =5J1F -----END PGP SIGNATURE-----