Bug#484796: asterisk-oh322: CVE-2008-2543 denial of service
Faidon Liambotis
paravoid at debian.org
Fri Jun 6 14:57:14 UTC 2008
reassign 484796 asterisk-ooh323c
close 484796 1.4.7-1
thanks
Nico Golde wrote:
> Package: asterisk-oh323
> Severity: grave
> Tags: security
>
> CVE-2008-2543[0]:
> | The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and
> | Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP
> | port that is intended solely for localhost communication, and
> | interprets some TCP application-data fields as addresses of memory to
> | free, which allows remote attackers to cause a denial of service
> | (daemon crash) via crafted TCP packets.
>
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
This is not for chan_oh323, it's for chan_ooh323(c).
A fixed version was uploaded yesterday.
Thanks,
Faidon