Debian dla-3549 : jami - security update

critical Nessus Plugin ID 180270

Language:

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3549 advisory.

- ------------------------------------------------------------------------- Debian LTS Advisory DLA-3549-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz August 29, 2023 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : ring Version : 20190215.1.f152c98~ds1-1+deb10u2 CVE ID : CVE-2021-37706 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845 CVE-2022-21722 CVE-2022-21723 CVE-2022-23537 CVE-2022-23547 CVE-2022-23608 CVE-2022-24754 CVE-2022-24763 CVE-2022-24764 CVE-2022-24793 CVE-2022-31031 CVE-2022-39244 CVE-2023-27585

Several issue have been found in ring/jami, a secure and distributed voice, video and chat platform.
The issues are about missing boundary checks, resulting in out-of-bound read access, buffer overflow or denial-of-service.

For Debian 10 buster, these problems have been fixed in version 20190215.1.f152c98~ds1-1+deb10u2.

We recommend that you upgrade your ring/jami packages.

For the detailed security status of ring please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/ring

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the jami packages.

Plugin Details

Severity: Critical

ID: 180270

File Name: debian_DLA-3549.nasl

Version: 1.1

Type: local

Agent: unix

Family: Debian Local Security Checks

Published: 8/30/2023

Updated: 1/22/2025

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-37706

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-39244

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:jami-daemon, p-cpe:/a:debian:debian_linux:jami, p-cpe:/a:debian:debian_linux:ring, cpe:/o:debian:debian_linux:10.0, p-cpe:/a:debian:debian_linux:ring-daemon

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/29/2023

Vulnerability Publication Date: 12/22/2021

Reference Information

CVE: CVE-2021-37706, CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302, CVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21722, CVE-2022-21723, CVE-2022-23537, CVE-2022-23547, CVE-2022-23608, CVE-2022-24754, CVE-2022-24763, CVE-2022-24764, CVE-2022-24793, CVE-2022-31031, CVE-2022-39244, CVE-2023-27585

Detections

Analytics