Gentoo Linux Security Advisory 201401-15 - Multiple vulnerabilities have been found in Asterisk, the worst of which may allow execution of arbitrary code. Versions less than 11.7.0 are affected.
d5b3fc8ed465d4421b3d81a545983bd6659d93187fad9065936730f85fd097e5
Debian Linux Security Advisory 2605-2 - The security update released in DSA 2605 for Asterisk caused a regression that could lead to crashes. Updated packages have now been made available to correct that behavior.
51c12efbfe4e73991557e6b2242188364e338b13b4cd3dee176fb0534ff5b3f0
Debian Linux Security Advisory 2605-1 - Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, that allow remote attackers to perform denial of service attacks.
e42362badf3265d9356fcd4cdf050c88510bf7b13ca8d4defe28d4c52af1d6cc
Asterisk Project Security Advisory - Asterisk has several places where messages received over various network transports may be copied in a single stack allocation. In the case of TCP, since multiple packets in a stream may be concatenated together, this can lead to large allocations that overflow the stack. In the case of SIP, it is possible to do this before a session is established. Keep in mind that SIP over UDP is not affected by this vulnerability. With HTTP and XMPP, a session must first be established before the vulnerability may be exploited. The XMPP vulnerability exists in both the res_jabber.so module in Asterisk 1.8, 10, and 11 and the res_xmpp.so module in Asterisk 11.
0eda4a18f48435624a5845545ce7bded4867ce8731fbb4a94114a41619146e72