Bug#1029654: marked as done (sofia-sip: CVE-2023-22741: heap-over-flow in stun_parse_attribute)

[Debian Bug Tracking System]

Your message dated Wed, 08 Feb 2023 09:37:04 +0000
with message-id <e1ppgsy-009sva...@fasolo.debian.org>
and subject line Bug#1029654: fixed in sofia-sip 
1.12.11+20110422.1+1e14eea~dfsg-4
has caused the Debian Bug report #1029654,
regarding sofia-sip: CVE-2023-22741: heap-over-flow in stun_parse_attribute
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1029654: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029654
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: sofia-sip
Version: 1.12.11+20110422.1+1e14eea~dfsg-3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for sofia-sip.

CVE-2023-22741[0]:
| Sofia-SIP is an open-source SIP User-Agent library, compliant with the
| IETF RFC3261 specification. In affected versions Sofia-SIP **lacks
| both message length and attributes length checks** when it handles
| STUN packets, leading to controllable heap-over-flow. For example, in
| stun_parse_attribute(), after we get the attribute's type and length
| value, the length will be used directly to copy from the heap,
| regardless of the message's left size. Since network users control the
| overflowed length, and the data is written to heap chunks later,
| attackers may achieve remote code execution by heap grooming or other
| exploitation methods. The bug was introduced 16 years ago in sofia-sip
| 1.12.4 (plus some patches through 12/21/2006) to in tree libs with
| git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@3774
| d0543943-73ff-0310-b7d9-9358b9ac24b2. Users are advised to upgrade.
| There are no known workarounds for this vulnerability.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-22741
    https://www.cve.org/CVERecord?id=CVE-2023-22741
[1] 
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54
[2] 
https://github.com/freeswitch/sofia-sip/commit/9defd6f72dd416ee4fcc1a23cccbb159990da0f6

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: sofia-sip
Source-Version: 1.12.11+20110422.1+1e14eea~dfsg-4
Done: Evangelos Ribeiro Tzaras <devrtz-deb...@fortysixandtwo.eu>

We believe that the bug you reported is fixed in the latest version of
sofia-sip, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1029...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Evangelos Ribeiro Tzaras <devrtz-deb...@fortysixandtwo.eu> (supplier of updated 
sofia-sip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 08 Feb 2023 09:46:57 +0100
Source: sofia-sip
Architecture: source
Version: 1.12.11+20110422.1+1e14eea~dfsg-4
Distribution: unstable
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org>
Changed-By: Evangelos Ribeiro Tzaras <devrtz-deb...@fortysixandtwo.eu>
Closes: 1029654
Changes:
 sofia-sip (1.12.11+20110422.1+1e14eea~dfsg-4) unstable; urgency=high (fixes a 
CVE)
 .
   * Rename patches to indicate they have been picked from upstream
   * Add patch to fix reported CVE; add copyright of patch.
     For further information see:
     - CVE-2023-22741[0]
     [0] https://security-tracker.debian.org/tracker/CVE-2023-22741
         https://www.cve.org/CVERecord?id=CVE-2023-22741
     closes: bug#1029654, thanks to Salvatore Bonaccorso for reporting
Checksums-Sha1:
 de4c51f80af541faeaa2f58cd3e45335d9409584 2675 
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg-4.dsc
 38a98525619ecc53fef59dc48347b0e5afe1dd47 1172172 
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg.orig.tar.xz
 078231709f2caa2098edbaccbc4c41a3628867f4 31520 
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg-4.debian.tar.xz
 9797444b4bba6f47759ca046d1fcf39d52993451 8008 
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg-4_source.buildinfo
Checksums-Sha256:
 4721f2b39fbf1f2e459448695dfcf4bbed76c6974afcb2d9a2663f4592d88c02 2675 
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg-4.dsc
 9aedd1f013d705488a77fcdf19b949906f542cdd9830a7847da8075b3164db09 1172172 
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg.orig.tar.xz
 b1a54ccafb40ac254a4f4e4536b73598fb7afc8588913502ff7b0888f4d15446 31520 
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg-4.debian.tar.xz
 d39032f2898c526197512a6fa652e84436d8ba0e26e279ec118ea27764342a2d 8008 
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg-4_source.buildinfo
Files:
 b46fe624d477776196490a5861a81ea6 2675 net optional 
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg-4.dsc
 4c6e371ce4b1acb195d0a5069f90dfd3 1172172 net optional 
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg.orig.tar.xz
 db4285697c0311849028e138a98ef3a7 31520 net optional 
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg-4.debian.tar.xz
 7bced0fbb1b467bac0bbe4f44eaf2c55 8008 net optional 
sofia-sip_1.12.11+20110422.1+1e14eea~dfsg-4_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJUBAEBCgA+FiEEuThlVLfdJmvLjimpkPDJsYprShkFAmPjZ34gHGRldnJ0ei1k
ZWJpYW5AZm9ydHlzaXhhbmR0d28uZXUACgkQkPDJsYprShk1Bw/+MSkDUQbXCXA/
MEtJbZvX+NwoGh1lLhRus8Z4NgWTrEDC57ibtb1UyYZyLpvVMTcUAXF2bzbUBhOO
1/HpjQKwses3hm0pnDpZ/C0tI4pURzfwcvIQpXSApTQiloKA9aZazTCh/uaTvIlX
M34S8p9Ymye4HIxyzA8X9NN+1FgiNAmgS4v+xM+P7W8C0XU3Tn4XG8tlhBGAy4MO
P3fiJhTgsEmGfbnyOlYC04IR55nivxYGaHuu17SrpcCInGgRfElFi/3+GG873e1Y
TMO0/r1Sk3Iz5sSbI+Eha8RQ0VNspF48dUMPOwdusVeNjLKpUhG2yzVG2TNWUOHJ
YtazQ0Yq/Os9RALTDXap+aSG9UMoC2M34cflkZJW3mJIttjDZP+bsNf2Smbz3y00
gSARqAy2QxGtocj3gTTt/Vg+G9K8q/p3YZQAxdrbUlH+7+1pcUWnYYmM2SoiEnS5
LOBSwDrZf+s/qAe0BO0r2d8Gc+gxYcy3NGW7C5XRUO3NQKetCC8BR1yBOSN0ZEiq
NdJDMLswB7k1SfGLg9JuousDkdG0WUfXwfvfzM4Cl3yxKluRE2b3MxBOG0vKHAC6
ANJgDQRyd55N3ZwjxDMkSfyA4ETIK9VV39jzrxrVV4+VTuYnsBN2LJqWVontY/+6
o28JFqZRc4gjbPUPFFPCoG3F0qNtQYI=
=ddy3
-----END PGP SIGNATURE-----

--- End Message ---