Bug#651552: CVE-2011-4598: DoS
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Sun Dec 11 15:09:21 UTC 2011
On Fri, Dec 09, 2011 at 09:47:04PM +0100, Moritz Muehlenhoff wrote:
> Source: asterisk
> Severity: grave
> Tags: security
>
> Please see http://downloads.asterisk.org/pub/security/AST-2011-014.html
> This has been assigned CVE-2011-4598.
What about the pending fixes for #630381 and #639821 ?
>
> There's also http://downloads.asterisk.org/pub/security/AST-2011-013.html,
> (CVE-2011-4597), which seems rather esoteric and can likely be ignored
> for stable.
This configuration is actually rather common. The bug did not mention
it, but the fix included a patch that changes the default value of the
configugration and also adds a nasty warning if global value does not
match the peer/user entry.
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the Pkg-voip-maintainers
mailing list