{"id":"MGASA-2021-0559","summary":"Updated pjproject packages fix security vulnerability","details":"Updated pjproject packages fix security vulnerability:\n\nIn PJSIP before version 2.11.1, there are a couple of issues found in the\nSSL socket. First, a race condition between callback and destroy, due to\nthe accepted socket having no group lock. Second, the SSL socket parent/\nlistener may get destroyed during handshake. Both issues were reported to\nhappen intermittently in heavy load TLS connections. They cause a crash,\nresulting in a denial of service (CVE-2021-32686). \n","modified":"2026-02-04T04:21:19.682084Z","published":"2021-12-19T12:26:08Z","related":["CVE-2021-32686"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0559.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29317"}],"affected":[{"package":{"name":"pjproject","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/pjproject?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10-5.3.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0559.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}