Bug#631448: asterisk: AST-2011-010 (CVE-2011-2535) - crash due to using remote pointers

Tzafrir Cohen tzafrir at debian.org
Thu Jun 23 23:12:43 UTC 2011


Package: asterisk
Version: 1:1.8.4.2-1
Severity: grave
Tags: security upstream patch
Justification: user security hole

A memory address was inadvertently transmitted over the network via IAX2
via an option control frame and the remote party would try to access it.

This applies only to version 1.8 in Wheezy/Sid and not to the versions in
Lenny and Squeeze. The advisory does apply to some newer versions of
Asterisk 1.4 and 1.6.2, but not to the older versions used in Lenny and
Squeeze, respectively.

For more information, see
http://downloads.asterisk.org/pub/security/AST-2011-010.html




