Bug#666944: asterisk: Buffer overflow vulnerability

John Goerzen jgoerzen at complete.org
Mon Apr 2 18:38:40 UTC 2012


Package: asterisk
Version: 1:1.6.2.9-2+squeeze4
Severity: grave
Tags: security squeeze
Justification: user security hole

Per:

http://downloads.asterisk.org/pub/security/AST-2012-002.txt

the asterisk in squeeze is vulnerable to a buffer overflow.

The package in testing may also be vulnerable to:

http://downloads.asterisk.org/pub/security/AST-2012-003.txt



-- System Information:
Debian Release: 6.0.4
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages asterisk depends on:
ii  adduser            3.112+nmu2            add and remove users and groups
ii  asterisk-config    1:1.6.2.9-2+squeeze4  Configuration files for Asterisk
ii  asterisk-sounds-ma 1:1.6.2.9-2+squeeze4  Core Sound files for Asterisk (Eng
ii  dahdi              1:2.2.1.1-1           utilities for using the DAHDI kern
ii  libasound2         1.0.23-2.1            shared library for ALSA applicatio
ii  libc-client2007e   8:2007e~dfsg-3.1      c-client library for mail protocol
ii  libc6              2.11.3-2              Embedded GNU C Library: Shared lib
ii  libcap2            1:2.19-3              support for getting/setting POSIX.
ii  libcurl3           7.21.0-2.1+squeeze2   Multi-protocol file transfer libra
ii  libgcc1            1:4.4.5-8             GCC support library
ii  libglib2.0-0       2.24.2-1              The GLib library of C routines
ii  libgmime-2.0-2a    2.2.25-2              MIME library
ii  libgsm1            1.0.13-3              Shared libraries for GSM speech co
ii  libiksemel3        1.2-4                 C library for the Jabber IM platfo
ii  libjack0 [libjack- 1:0.118+svn3796-7     JACK Audio Connection Kit (librari
ii  libldap-2.4-2      2.4.23-7.2            OpenLDAP libraries
ii  liblua5.1-0        5.1.4-5               Simple, extensible, embeddable pro
ii  libncurses5        5.7+20100313-5        shared libraries for terminal hand
ii  libnewt0.52        0.52.11-1             Not Erik's Windowing Toolkit - tex
ii  libogg0            1.2.0~dfsg-1          Ogg bitstream library
ii  libopenais3        1.1.2-2               Standards-based cluster framework 
ii  libopenr2-3        1.3.0-2               MFC/R2 (telephony) call setup libr
ii  libpopt0           1.16-1                lib for parsing cmdline parameters
ii  libpq5             8.4.11-0squeeze1      PostgreSQL C client library
ii  libpri1.4          1.4.11.3-1            Primary Rate ISDN specification li
ii  libradiusclient-ng 0.5.6-1.1             Enhanced RADIUS client library
ii  libresample1       0.1.3-3               real-time audio resampling library
ii  libsdl1.2debian    1.2.14-6.1            Simple DirectMedia Layer
ii  libsnmp15          5.4.3~dfsg-2          SNMP (Simple Network Management Pr
ii  libspandsp2        0.0.6~pre12-1         Telephony signal processing librar
ii  libspeex1          1.2~rc1-1             The Speex codec runtime library
ii  libspeexdsp1       1.2~rc1-1             The Speex extended runtime library
ii  libsqlite0         2.8.17-6              SQLite shared library
ii  libss7-1           1.0.2-1               Signalling System 7 (ss7) library
ii  libssl0.9.8        0.9.8o-4squeeze7      SSL shared libraries
ii  libstdc++6         4.4.5-8               The GNU Standard C++ Library v3
ii  libsybdb5          0.82-7                libraries for connecting to MS SQL
ii  libtiff4           3.9.4-5+squeeze3      Tag Image File Format (TIFF) libra
ii  libtonezone2.0     1:2.2.1.1-1           tonezone library (runtime)
ii  libvorbis0a        1.3.1-1+squeeze1      The Vorbis General Audio Compressi
ii  libvorbisenc2      1.3.1-1+squeeze1      The Vorbis General Audio Compressi
ii  libvpb0            4.2.52-2              Voicetronix telephony hardware use
ii  libx11-6           2:1.3.3-4             X11 client-side library
ii  libxml2            2.7.8.dfsg-2+squeeze3 GNOME XML library
ii  unixodbc           2.2.14p2-1            ODBC tools libraries
ii  zlib1g             1:1.2.3.4.dfsg-3      compression library - runtime

Versions of packages asterisk recommends:
ii  sox                           14.3.1-1   Swiss army knife of sound processi

Versions of packages asterisk suggests:
pn  asterisk-dev        <none>               (no description available)
ii  asterisk-doc        1:1.6.2.9-2+squeeze4 Source code documentation for Aste
pn  asterisk-h323       <none>               (no description available)

-- Configuration Files:
/etc/default/asterisk changed [not included]

-- no debconf information




