Bug#539473: CVE-2009-2651: Remote Crash Vulnerability in RTP stack

Giuseppe Iuculano giuseppe at iuculano.it
Sat Aug 1 08:57:33 UTC 2009


Package: asterisk
Version: 1:1.6.2.0~dfsg~beta3-1
Severity: serious
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for asterisk.

CVE-2009-2651[0]:
| main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote
| attackers to cause a denial of service (crash) via an RTP text frame
| without a certain delimiter, which triggers a NULL pointer dereference
| and the subsequent calculation of an invalid pointer.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2651
    http://security-tracker.debian.net/tracker/CVE-2009-2651
    http://downloads.asterisk.org/pub/security/AST-2009-004.html
    Patch: http://downloads.asterisk.org/pub/security/AST-2009-004-1.6.1.diff.txt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkp0A3oACgkQNxpp46476arl4ACdH0o5O/dZ4iQfOEEeMIWrKGVa
zEMAnjHCiRqFue+b7dRArjbCINLwLTXJ
=plQS
-----END PGP SIGNATURE-----
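
The bug class named in the CVE text above (a delimiter search that returns NULL, followed by pointer arithmetic on the result) is shown here next to its checked form. This is an added example, not part of the original report and not Asterisk's code. The frame layout, the delimiter value and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (not Asterisk's): header bytes, one delimiter, body. */
#define DELIM 0x00 /* constructed delimiter value */

/* Constructed sample frames: one with the delimiter, one without. */
const unsigned char good_frame[] = { 0x01, 0x02, DELIM, 'h', 'i' };
const unsigned char bad_frame[]  = { 0x01, 0x02, 0x03, 'h', 'i' };

/* Unchecked pattern: memchr() returns NULL when the delimiter is absent,
 * so the increment and the subtraction operate on an invalid pointer.
 * Only well-defined when the delimiter is present. */
size_t header_len_unchecked(const unsigned char *data, size_t len)
{
    const unsigned char *header_end = memchr(data, DELIM, len);
    header_end++;                       /* NULL + 1 if not found */
    return (size_t)(header_end - data); /* meaningless length if not found */
}

/* Checked pattern: reject the frame before any pointer arithmetic. */
int split_frame(const unsigned char *data, size_t len,
                const unsigned char **body, size_t *body_len)
{
    const unsigned char *header_end;

    if (data == NULL || len == 0)
        return -1;
    header_end = memchr(data, DELIM, len);
    if (header_end == NULL)
        return -1;                      /* malformed frame: drop it */
    header_end++;                       /* first byte after the delimiter */
    *body = header_end;
    *body_len = len - (size_t)(header_end - data);
    return 0;
}

int main(void)
{
    const unsigned char *body;
    size_t n;

    printf("good frame: %d\n", split_frame(good_frame, sizeof good_frame, &body, &n));
    printf("bad frame:  %d\n", split_frame(bad_frame, sizeof bad_frame, &body, &n));
    return 0;
}
```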





More information about the Pkg-voip-maintainers mailing list