Bug#395080: CVE-2006-5444/5: security issues in asterisk

Frédéric Brière fbriere at fbriere.net
Fri Nov 10 05:35:51 CET 2006


On Fri, Nov 10, 2006 at 04:07:14AM +0000, Brandon Kruse wrote:
> hello, this has been fixed in the latest branch of asterisk (1.2.13)
> and in 1.4

Yes, I know this is fixed in sid.  What I want to know is why this
buffer overflow is still present in sarge.  The fix seems rather
straightforward, and patches have been proposed in #394025.

> for a temporary fix (if it's the bug I'm thinking you're talking about),
> just edit /etc/asterisk/modules.conf and noload=>chan_skinny.so

I'm not using chan_skinny, so I'm not actually worried about being
bitten by this particular bug.

However, from what I understand, this is a theoretically exploitable
security bug which has been allowed to sit for three weeks, without any
update or announcement for sarge users.

*That* is why I'm worried.


-- 
             Frédéric Brière    <*>    fbriere at fbriere.net

 =>  <fbriere at abacom.com> IS NO MORE:  <http://www.abacomsucks.com>  <=



