Bug#364195: CVE-2006-1827: arbitrary code execution
Kilian Krause
kilian at debian.org
Fri Apr 21 20:41:13 UTC 2006
Hi Stefan,
Am Freitag, den 21.04.2006, 22:24 +0200 schrieb Stefan Fritsch:
> Package: asterisk
> Severity: grave
> Tags: security
> Justification: user security hole
>
>
> CVE-2006-1827:
> Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and
> earlier allows remote attackers to execute arbitrary code via a length
> value that passes a length check as a negative number, but triggers a
> buffer overflow when it is used as an unsigned length.
>
> This is fixed in 1.2.7.
well, 1.2.7 is unlikely to hit Sarge, we'll try to include the fix
http://svn.digium.com/view/asterisk/branches/1.2/formats/format_jpeg.c?r1=7221&r2=18436&diff_format=u
into the sarge package and propose it to the security team as we have it
ready.
For SID and Etch, we have just rolled out 1.2.7.1 into unstable today
which will sooner or later hit Etch and implicitly fix this.
--
Best regards,
Kilian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/attachments/20060421/d1878cc1/attachment.pgp
More information about the Pkg-voip-maintainers
mailing list