Fedora 40 : baresip / libre (2024-a63e807450)

high Nessus Plugin ID 194527

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-a63e807450 advisory.

# Baresip v3.10.1 (2024-03-12)

Security Release (possible Denial of Service): A wrong or manipulated incoming RTP Timestamp can cause the baresip process to hang forever, for details see: [#2954](https://github.com/baresip/baresip/issues/2954)

- aureceiver: fix mtx_unlock on discard


# Baresip v3.10.0 (2024-03-06)

- cmake: use default value for `CMAKE_C_EXTENSIONS`
- cmake: add `/usr/{local,}/include/re` and `/usr/{local,}/lib{64,}` to `FindRE.cmake`
- test/main: fix `NULL` pointer arg on err
- ci: add Fedora workflow to avoid e.g. rpath issues
- mediatrack/start: add `audio_decoder_set`
- config: support distribution-specific/default CA paths
- readme: cosmetic changes
- ci/fedora: fix dependency
- config: add default CA path for Android
- transp,tls: add TLS client verification
- account,message,ua: secure incoming SIP MESSAGEs
- aufile: avoid race condition in case of fast destruction
- aufile: join thread if write fails
- video: add `video_req_keyframe` api
- call: start streams in `sipsess_estab_handler`
- webrtc: add av1 codec
- cmake: fix relative source dir find paths
- echo: fix `re_snprintf` pointer ARG
- cmake: Add include PATH so that GST is found also on Debian 11
- call: improve glare handling
- call: set estdir in `call_set_media_direction`
- audio,aur: start audio player after early-video
- ctrl_dbus: add busctl example to module documentation
- debian: bump to v3.9.0
- release v3.10.0


# libre v3.10.0 (2024-03-06)

- transp: deref `qent` only if `qentp` is not set
- sipsess: fix doxygen comments
- aufile: fix doxygen comment
- ci/codeql: bump action v3
- misc: text2pcap helpers (RTP/RTCP capturing)
- ci/mingw: bump upload/download-artifact and cache versions
- transp,tls: add TLS client verification
- fmt/text2pcap: cleanup
- ci/android: cache openssl build
- ci/misc: fix double push/pull runs
- fmt/text2pcap: fix coverity return value warning
- sipsess/listen: improve glare handling
- conf: add `conf_get_i32`
- debian: bump version v3.9.0
- sip/transp: reset tcp timeout on websocket receive
- release v3.10.0



Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected baresip and / or libre packages.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2024-a63e807450

Plugin Details

Severity: High

ID: 194527

File Name: fedora_2024-a63e807450.nasl

Version: 1.1

Type: local

Agent: unix

Published: 4/29/2024

Updated: 11/14/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:40, p-cpe:/a:fedoraproject:fedora:baresip, p-cpe:/a:fedoraproject:fedora:libre

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/10/2024

Vulnerability Publication Date: 3/10/2024

Reference Information