--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a63e807450
2024-03-23 00:20:56.400411
--------------------------------------------------------------------------------

Name        : baresip
Product     : Fedora 40
Version     : 3.10.1
Release     : 1.fc40
URL         : https://github.com/baresip/baresip
Summary     : Modular SIP user-agent with audio and video support
Description :
A modular SIP user-agent with support for audio and video, and many IETF
standards such as SIP, SDP, RTP/RTCP and STUN/TURN/ICE for both, IPv4 and
IPv6.

Additional modules provide support for audio codecs like Codec2, G.711,
G.722, G.726, GSM, L16, MPA and Opus, audio drivers like ALSA, GStreamer,
JACK Audio Connection Kit, Portaudio, and PulseAudio, video codecs like
AV1, VP8 or VP9, video sources like Video4Linux, video outputs like SDL2
or X11, NAT traversal via STUN, TURN, ICE, and NAT-PMP, media encryption
via TLS, SRTP or DTLS-SRTP, management features like embedded web-server
with HTTP interface, command-line console and interface, and MQTT.

--------------------------------------------------------------------------------
Update Information:

Baresip v3.10.1 (2024-03-12)
Security Release (possible Denial of Service): A wrong or manipulated incoming
RTP Timestamp can cause the baresip process to hang forever, for details see:
#2954
aureceiver: fix mtx_unlock on discard
Baresip v3.10.0 (2024-03-06)
cmake: use default value for CMAKE_C_EXTENSIONS
cmake: add /usr/{local,}/include/re and /usr/{local,}/lib{64,} to FindRE.cmake
test/main: fix NULL pointer arg on err
ci: add Fedora workflow to avoid e.g. rpath issues
mediatrack/start: add audio_decoder_set
config: support distribution-specific/default CA paths
readme: cosmetic changes
ci/fedora: fix dependency
config: add default CA path for Android
transp,tls: add TLS client verification
account,message,ua: secure incoming SIP MESSAGEs
aufile: avoid race condition in case of fast destruction
aufile: join thread if write fails
video: add video_req_keyframe api
call: start streams in sipsess_estab_handler
webrtc: add av1 codec
cmake: fix relative source dir find paths
echo: fix re_snprintf pointer ARG
cmake: Add include PATH so that GST is found also on Debian 11
call: improve glare handling
call: set estdir in call_set_media_direction
audio,aur: start audio player after early-video
ctrl_dbus: add busctl example to module documentation
debian: bump to v3.9.0
release v3.10.0
libre v3.10.0 (2024-03-06)
transp: deref qent only if qentp is not set
sipsess: fix doxygen comments
aufile: fix doxygen comment
ci/codeql: bump action v3
misc: text2pcap helpers (RTP/RTCP capturing)
ci/mingw: bump upload/download-artifact and cache versions
transp,tls: add TLS client verification
fmt/text2pcap: cleanup
ci/android: cache openssl build
ci/misc: fix double push/pull runs
fmt/text2pcap: fix coverity return value warning
sipsess/listen: improve glare handling
conf: add conf_get_i32
debian: bump version v3.9.0
sip/transp: reset tcp timeout on websocket receive
release v3.10.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 12 2024 Robert Scheck  3.10.1-1
- Upgrade to 3.10.1 (#2269261)
* Mon Mar 11 2024 Robert Scheck  3.10.0-2
- Added upstream patch to fix mtx_unlock on discard in aureceiver
* Sun Mar 10 2024 Robert Scheck  3.10.0-1
- Upgrade to 3.10.0 (#2268424)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2268236 - libre-3.10.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2268236
  [ 2 ] Bug #2268424 - baresip-3.10.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2268424
  [ 3 ] Bug #2269261 - baresip-3.10.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2269261
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a63e807450' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam, report it: https://pagure.io/login/

Fedora 40: baresip 2024-a63e807450

March 23, 2024
Baresip v3.10.1 (2024-03-12) Security Release (possible Denial of Service): A wrong or manipulated incoming RTP Timestamp can cause the baresip process to hang forever, for details...

Summary

A modular SIP user-agent with support for audio and video, and many IETF

standards such as SIP, SDP, RTP/RTCP and STUN/TURN/ICE for both, IPv4 and

IPv6.

Additional modules provide support for audio codecs like Codec2, G.711,

G.722, G.726, GSM, L16, MPA and Opus, audio drivers like ALSA, GStreamer,

JACK Audio Connection Kit, Portaudio, and PulseAudio, video codecs like

AV1, VP8 or VP9, video sources like Video4Linux, video outputs like SDL2

or X11, NAT traversal via STUN, TURN, ICE, and NAT-PMP, media encryption

via TLS, SRTP or DTLS-SRTP, management features like embedded web-server

with HTTP interface, command-line console and interface, and MQTT.

Update Information:

Baresip v3.10.1 (2024-03-12) Security Release (possible Denial of Service): A wrong or manipulated incoming RTP Timestamp can cause the baresip process to hang forever, for details see: #2954 aureceiver: fix mtx_unlock on discard Baresip v3.10.0 (2024-03-06) cmake: use default value for CMAKE_C_EXTENSIONS cmake: add /usr/{local,}/include/re and /usr/{local,}/lib{64,} to FindRE.cmake test/main: fix NULL pointer arg on err ci: add Fedora workflow to avoid e.g. rpath issues mediatrack/start: add audio_decoder_set config: support distribution-specific/default CA paths readme: cosmetic changes ci/fedora: fix dependency config: add default CA path for Android transp,tls: add TLS client verification account,message,ua: secure incoming SIP MESSAGEs aufile: avoid race condition in case of fast destruction aufile: join thread if write fails video: add video_req_keyframe api call: start streams in sipsess_estab_handler webrtc: add av1 codec cmake: fix relative source dir find paths echo: fix re_snprintf pointer ARG cmake: Add include PATH so that GST is found also on Debian 11 call: improve glare handling call: set estdir in call_set_media_direction audio,aur: start audio player after early-video ctrl_dbus: add busctl example to module documentation debian: bump to v3.9.0 release v3.10.0 libre v3.10.0 (2024-03-06) transp: deref qent only if qentp is not set sipsess: fix doxygen comments aufile: fix doxygen comment ci/codeql: bump action v3 misc: text2pcap helpers (RTP/RTCP capturing) ci/mingw: bump upload/download-artifact and cache versions transp,tls: add TLS client verification fmt/text2pcap: cleanup ci/android: cache openssl build ci/misc: fix double push/pull runs fmt/text2pcap: fix coverity return value warning sipsess/listen: improve glare handling conf: add conf_get_i32 debian: bump version v3.9.0 sip/transp: reset tcp timeout on websocket receive release v3.10.0

Change Log

* Tue Mar 12 2024 Robert Scheck 3.10.1-1 - Upgrade to 3.10.1 (#2269261) * Mon Mar 11 2024 Robert Scheck 3.10.0-2 - Added upstream patch to fix mtx_unlock on discard in aureceiver * Sun Mar 10 2024 Robert Scheck 3.10.0-1 - Upgrade to 3.10.0 (#2268424)

References

[ 1 ] Bug #2268236 - libre-3.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2268236 [ 2 ] Bug #2268424 - baresip-3.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2268424 [ 3 ] Bug #2269261 - baresip-3.10.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2269261

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-a63e807450' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
Name : baresip
Product : Fedora 40
Version : 3.10.1
Release : 1.fc40
URL : https://github.com/baresip/baresip
Summary : Modular SIP user-agent with audio and video support

Related News

19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved