Bug#618790: AST-2011-003: Resource exhaustion in Asterisk Manager Interface
Tzafrir Cohen
tzafrir at debian.org
Fri Mar 18 14:14:20 UTC 2011

Package: asterisk
Version: 1:1.6.2.9-2+squeeze2
Justification: AST-2011-003: Resource exhaustion in Asterisk Manager Interface
Severity: serious
Tags: security patch upstream

Rapidly opening manager connections, sending invalid data, and closing the
connection can cause Asterisk to exhaust available CPU and memory resources.

The manager interface is disabled by default in upstream, but enabled
by default (listening on localhost only) in the version in Debian 5.0 (Lenny)
and 6.0 (Squeeze).

See also http://downloads.asterisk.org/pub/security/AST-2011-003.html

Patches are available in SVN (branches 'squeeze' and 'lenny-security').

--
Tzafrir Cohen | tzafrir at jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir at cohens.org.il | | best
tzafrir at debian.org | | friend