ELA-773-1 pjproject security update

multiple vulnerabilities

2023-01-18
Package: pjproject
Version: 2.5.5~dfsg-6+deb9u8 (stretch)
Related CVEs: CVE-2022-23537 CVE-2022-23547


Multiple security issues were discovered in pjproject, a free and open source multimedia communication library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.

CVE-2022-23537

Buffer overread when parsing a specially crafted STUN message with
an unknown attribute. The vulnerability affects applications that
use STUN, including PJNATH and PJSUA-LIB.

CVE-2022-23547

Possible buffer overread when parsing a certain STUN message.
The vulnerability affects applications that use STUN, including
PJNATH and PJSUA-LIB.
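
Both issues above are out-of-bounds reads while parsing STUN input. As an added illustration (not pjproject code and not the upstream fix), the C function below walks STUN attributes using the RFC 5389 layout and rejects any length field that would carry a read past the received bytes. The function name, the attribute type 0x7F01 and the sample packets are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define STUN_HDR_LEN 20u
#define STUN_MAGIC   0x2112A442u   /* RFC 5389 magic cookie */

/* Big-endian reads; callers must have bounds-checked the bytes first. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Walk the attribute TLVs of one STUN message. Returns the attribute count,
 * or -1 if any field would extend past the received bytes or past the
 * message length declared in the header. */
int stun_count_attrs(const uint8_t *pkt, size_t pkt_len)
{
    if (!pkt || pkt_len < STUN_HDR_LEN) return -1;
    if ((pkt[0] & 0xC0) || be32(pkt + 4) != STUN_MAGIC) return -1;
    size_t body_len = be16(pkt + 2);           /* excludes the 20-byte header */
    if (body_len % 4 || body_len > pkt_len - STUN_HDR_LEN) return -1;

    const uint8_t *p = pkt + STUN_HDR_LEN;
    size_t remaining = body_len;
    int count = 0;
    while (remaining > 0) {
        if (remaining < 4) return -1;          /* no room for type + length */
        size_t padded = ((size_t)be16(p + 2) + 3u) & ~(size_t)3u;
        /* Known or unknown type alike: the value must fit before it is
         * read, copied or skipped. */
        if (padded > remaining - 4) return -1;
        p += 4 + padded;
        remaining -= 4 + padded;
        count++;
    }
    return count;
}

/* Constructed samples: one unknown attribute (type 0x7F01) with a 3-byte value. */
static const uint8_t sample_ok[28] = { 0x00,0x01, 0x00,0x08, 0x21,0x12,0xA4,0x42,
    1,2,3,4,5,6,7,8,9,10,11,12,  0x7F,0x01, 0x00,0x03, 'a','b','c',0x00 };
/* Same packet, but the attribute claims 256 bytes of value. */
static const uint8_t sample_overlong[28] = { 0x00,0x01, 0x00,0x08, 0x21,0x12,0xA4,0x42,
    1,2,3,4,5,6,7,8,9,10,11,12,  0x7F,0x01, 0x01,0x00, 'a','b','c',0x00 };

int main(void)
{
    printf("well-formed: %d\n", stun_count_attrs(sample_ok, sizeof sample_ok));
    printf("overlong attribute: %d\n", stun_count_attrs(sample_overlong, sizeof sample_overlong));
    return 0;
}
```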


For Debian 9 stretch, these problems have been fixed in version 2.5.5~dfsg-6+deb9u8.

We recommend that you upgrade your pjproject packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.