Bug#697230: asterisk: Two security issues: AST-2012-014 / AST-2012-015

Salvatore Bonaccorso carnil at debian.org
Wed Jan 2 21:56:43 UTC 2013


Package: asterisk
Severity: grave
Tags: security
Justification: user security hole

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

the following vulnerabilities were published for asterisk.

CVE-2012-5976[0]:
Crashes due to large stack allocations when using TCP

CVE-2012-5977[1]:
Denial of Service Through Exploitation of Device State Caching

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2012-5976
[1] http://security-tracker.debian.org/tracker/CVE-2012-5977

Please adjust the affected versions in the BTS as needed.

According to the advisories all 1.8.x versions seem affected.

Regards,
Salvatore

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----


