Packages
- pjproject - multimedia communication library
Details
Youngsung Kim discovered that PJSIP did not properly parse numeric header
fields in SIP messages. A remote attacker could use this issue to cause
PJSIP to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-16872)

Peter Koletzki discovered that PJSIP did not properly handle certain
connection requests. A remote attacker could possibly use this issue to
cause PJSIP to enter an unrecoverable state and reject further connections,
resulting in a denial of service. This issue only affected Ubuntu 16.04
LTS. (CVE-2017-16875)

Alfred Farrugia, Sandro Gauci, and Kevin Harwell discovered that PJSIP did
not properly parse certain SDP messages. A remote attacker could possibly
use this issue to cause PJSIP to crash, resulting in a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2018-1000098,
CVE-2018-1000099)

Lauri Vänskä discovered that PJSIP did not verify hostnames when reusing
TLS connections. If a remote attacker were able to intercept communication,
this flaw could possibly be exploited to view sensitive information.
(CVE-2020-15260)

It was discovered that PJSIP did not properly handle certain sequences of
SDP messages. A remote attacker could possibly use this issue to cause
PJSIP to crash, resulting in a denial of service. (CVE-2021-21375)

It was discovered that the SSL socket implementation in PJSIP contained a
race condition. A remote attacker could possibly use this issue to cause
PJSIP to crash, resulting in a denial of service. This issue was only
addressed in Ubuntu 18.04 LTS. (CVE-2021-32686)

It was discovered that PJSIP did not properly parse certain STUN messages.
A remote attacker could use this issue to cause PJSIP to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2021-37706)

Uriya Yavnieli discovered that PJSIP did not properly manage memory under
certain conditions. A remote attacker could use this issue to cause PJSIP
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302,
CVE-2021-43303)

It was discovered that PJSIP did not properly manage memory when processing
ICE session credentials. A remote attacker could use this issue to cause
PJSIP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2026-25994)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.
The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version |
|---|---|
| 18.04 LTS bionic | libpj2 – 2.7.2~dfsg-1ubuntu0.1~esm1 |
| 18.04 LTS bionic | libpjmedia2 – 2.7.2~dfsg-1ubuntu0.1~esm1 |
| 18.04 LTS bionic | libpjnath2 – 2.7.2~dfsg-1ubuntu0.1~esm1 |
| 18.04 LTS bionic | libpjsip2 – 2.7.2~dfsg-1ubuntu0.1~esm1 |
| 18.04 LTS bionic | libpjsua2 – 2.7.2~dfsg-1ubuntu0.1~esm1 |
| 18.04 LTS bionic | python-pjproject – 2.7.2~dfsg-1ubuntu0.1~esm1 |
| 16.04 LTS xenial | libpj2 – 2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1 |
| 16.04 LTS xenial | libpjmedia2 – 2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1 |
| 16.04 LTS xenial | libpjnath2 – 2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1 |
| 16.04 LTS xenial | libpjsip2 – 2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1 |
| 16.04 LTS xenial | libpjsua2 – 2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1 |
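To confirm that a package inventory meets the fixed versions listed in this notice, the comparison has to follow Debian version ordering, where `~` (as in `~esm1`) sorts before the end of the string, so a plain string comparison gives wrong answers. The following is an added example, not part of the original notice or of Ubuntu's tooling; the function names and the sample inventory are constructed for illustration, and on a live host `dpkg --compare-versions` remains the authoritative comparison.

```python
import re

# Fixed version and affected binary packages per release, from this notice's table.
FIXED = {
    "bionic": ("2.7.2~dfsg-1ubuntu0.1~esm1",
               {"libpj2", "libpjmedia2", "libpjnath2", "libpjsip2",
                "libpjsua2", "python-pjproject"}),
    "xenial": ("2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1",
               {"libpj2", "libpjmedia2", "libpjnath2", "libpjsip2",
                "libpjsua2"}),
}

def _order(c):
    # dpkg ranking of non-digit characters: '~' first, then letters, then the rest.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _part_key(s):
    # Alternating (non-digit run, digit run) pairs. The appended 0 stands for
    # "end of run", so '~' (-1) ranks below it and any other character above it.
    return [([_order(c) for c in nd] + [0], int(d or 0))
            for nd, d in re.findall(r"(\D*)(\d*)", s)]

def deb_key(version):
    """Sort key following Debian ordering of [epoch:]upstream[-revision]."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "0")
    return (int(epoch), _part_key(upstream), _part_key(rev))

def needs_update(release, inventory):
    """Return [(package, installed_version)] for packages older than the fix."""
    # inventory: "name version" lines, e.g. from dpkg-query -W with a
    # '${Package} ${Version}' format string.
    fixed, names = FIXED[release]
    stale = []
    for line in inventory.strip().splitlines():
        pkg, ver = line.split()
        if pkg in names and deb_key(ver) < deb_key(fixed):
            stale.append((pkg, ver))
    return stale

# Constructed sample inventory for an 18.04 host (not real output).
SAMPLE_BIONIC = """
libpj2 2.7.2~dfsg-1
libpjsip2 2.7.2~dfsg-1ubuntu0.1~esm1
libc6 2.27-3ubuntu1
"""

if __name__ == "__main__":
    for pkg, ver in needs_update("bionic", SAMPLE_BIONIC):
        print(f"{pkg} {ver} is older than {FIXED['bionic'][0]}")
```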
References
- CVE-2026-25994
- CVE-2021-43303
- CVE-2021-43302
- CVE-2021-43301
- CVE-2021-43300
- CVE-2021-43299
- CVE-2021-37706
- CVE-2021-32686
- CVE-2021-21375
- CVE-2020-15260
- CVE-2018-1000099
- CVE-2018-1000098
- CVE-2017-16875
- CVE-2017-16872