{"id":"MGASA-2017-0170","summary":"Updated libosip2 packages fix security vulnerabilities","details":"In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a\nheap buffer overflow in the osip_clrncpy() function defined in\nosipparser2/osip_port.c (CVE-2016-10324).\n\nIn libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a\nheap buffer overflow in the _osip_message_to_str() function defined in\nosipparser2/osip_message_to_str.c, resulting in a remote DoS\n(CVE-2016-10325).\n\nIn libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a\nheap buffer overflow in the osip_body_to_str() function defined in\nosipparser2/osip_body.c, resulting in a remote DoS (CVE-2016-10326).\n\nIn libosip2 in GNU 5.0.0, a malformed SIP message can lead to a heap\nbuffer overflow in the msg_osip_body_parse() function defined in\nosipparser2/osip_message_parse.c, resulting in a remote DoS\n(CVE-2017-7853).\n","modified":"2026-04-16T06:23:26.349546616Z","published":"2017-06-14T13:50:35Z","upstream":["CVE-2016-10324","CVE-2016-10325","CVE-2016-10326","CVE-2017-7853"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0170.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20758"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2017-04/msg00109.html"}],"affected":[{"package":{"name":"libosip2","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libosip2?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.0.0-2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0170.json"}},{"package":{"name":"siproxd","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/siproxd?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.1-14.3.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0170.json"}},{"package":{"name":"exosip","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/exosip?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.0-4.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0170.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}