Bug#377460: asterisk: chan_iax2 denial of service attack security
update
supaplex
cvgscote at hotmail.com
Sun Jul 9 07:21:44 UTC 2006
Package: asterisk
Version: 1:1.0.7.dfsg.1-2sarge2
Severity: grave
Justification: user security hole
Please see http://www.asterisk.org/node/95
This affects Asterisk 1.2.9.1 and Asterisk 1.0.11.1. May affect sarge,
but I haven't confirmed it.
FYI, Thanks!
Scott.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.30
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages asterisk depends on:
ii asterisk-config 1:1.0.7.dfsg.1-2sarge2 config files for asterisk
ii asterisk-sounds-m 1:1.0.7.dfsg.1-2sarge2 sound files for asterisk
ii libasound2 1.0.8-3 ALSA library
ii libc6 2.3.2.ds1-22sarge3 GNU C Library: Shared libraries an
ii libgsm1 1.0.10-13 Shared libraries for GSM speech co
ii libncurses5 5.4-4 Shared libraries for terminal hand
ii libnewt0.51 0.51.6-20 Not Erik's Windowing Toolkit - tex
ii libpq3 7.4.7-6sarge1 PostgreSQL C client library
ii libpri1 1.0.7-1 Primary Rate ISDN specification li
ii libspeex1 1.1.6-2 The Speex Speech Codec
ii libsqlite0 2.8.16-1 SQLite shared library
ii libssl0.9.7 0.9.7e-3sarge1 SSL shared libraries
ii libtonezone1 1:1.0.7-4.1 tonezone library (runtime)
ii unixodbc 2.2.4-11 ODBC tools libraries
ii zlib1g 1:1.2.2-4.sarge.2 compression library - runtime
-- no debconf information
More information about the Pkg-voip-maintainers
mailing list