Bug#666944: asterisk: Buffer overflow vulnerability
John Goerzen
jgoerzen at complete.org
Mon Apr 2 18:38:40 UTC 2012
Package: asterisk
Version: 1:1.6.2.9-2+squeeze4
Severity: grave
Tags: security squeeze
Justification: user security hole

Per:
http://downloads.asterisk.org/pub/security/AST-2012-002.txt
the asterisk in squeeze is vulnerable to a buffer overflow.

The package in testing may also be vulnerable to:
http://downloads.asterisk.org/pub/security/AST-2012-003.txt

-- System Information:
Debian Release: 6.0.4
APT prefers stable
APT policy: (990, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages asterisk depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii asterisk-config 1:1.6.2.9-2+squeeze4 Configuration files for Asterisk
ii asterisk-sounds-ma 1:1.6.2.9-2+squeeze4 Core Sound files for Asterisk (Eng
ii dahdi 1:2.2.1.1-1 utilities for using the DAHDI kern
ii libasound2 1.0.23-2.1 shared library for ALSA applicatio
ii libc-client2007e 8:2007e~dfsg-3.1 c-client library for mail protocol
ii libc6 2.11.3-2 Embedded GNU C Library: Shared lib
ii libcap2 1:2.19-3 support for getting/setting POSIX.
ii libcurl3 7.21.0-2.1+squeeze2 Multi-protocol file transfer libra
ii libgcc1 1:4.4.5-8 GCC support library
ii libglib2.0-0 2.24.2-1 The GLib library of C routines
ii libgmime-2.0-2a 2.2.25-2 MIME library
ii libgsm1 1.0.13-3 Shared libraries for GSM speech co
ii libiksemel3 1.2-4 C library for the Jabber IM platfo
ii libjack0 [libjack- 1:0.118+svn3796-7 JACK Audio Connection Kit (librari
ii libldap-2.4-2 2.4.23-7.2 OpenLDAP libraries
ii liblua5.1-0 5.1.4-5 Simple, extensible, embeddable pro
ii libncurses5 5.7+20100313-5 shared libraries for terminal hand
ii libnewt0.52 0.52.11-1 Not Erik's Windowing Toolkit - tex
ii libogg0 1.2.0~dfsg-1 Ogg bitstream library
ii libopenais3 1.1.2-2 Standards-based cluster framework
ii libopenr2-3 1.3.0-2 MFC/R2 (telephony) call setup libr
ii libpopt0 1.16-1 lib for parsing cmdline parameters
ii libpq5 8.4.11-0squeeze1 PostgreSQL C client library
ii libpri1.4 1.4.11.3-1 Primary Rate ISDN specification li
ii libradiusclient-ng 0.5.6-1.1 Enhanced RADIUS client library
ii libresample1 0.1.3-3 real-time audio resampling library
ii libsdl1.2debian 1.2.14-6.1 Simple DirectMedia Layer
ii libsnmp15 5.4.3~dfsg-2 SNMP (Simple Network Management Pr
ii libspandsp2 0.0.6~pre12-1 Telephony signal processing librar
ii libspeex1 1.2~rc1-1 The Speex codec runtime library
ii libspeexdsp1 1.2~rc1-1 The Speex extended runtime library
ii libsqlite0 2.8.17-6 SQLite shared library
ii libss7-1 1.0.2-1 Signalling System 7 (ss7) library
ii libssl0.9.8 0.9.8o-4squeeze7 SSL shared libraries
ii libstdc++6 4.4.5-8 The GNU Standard C++ Library v3
ii libsybdb5 0.82-7 libraries for connecting to MS SQL
ii libtiff4 3.9.4-5+squeeze3 Tag Image File Format (TIFF) libra
ii libtonezone2.0 1:2.2.1.1-1 tonezone library (runtime)
ii libvorbis0a 1.3.1-1+squeeze1 The Vorbis General Audio Compressi
ii libvorbisenc2 1.3.1-1+squeeze1 The Vorbis General Audio Compressi
ii libvpb0 4.2.52-2 Voicetronix telephony hardware use
ii libx11-6 2:1.3.3-4 X11 client-side library
ii libxml2 2.7.8.dfsg-2+squeeze3 GNOME XML library
ii unixodbc 2.2.14p2-1 ODBC tools libraries
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages asterisk recommends:
ii sox 14.3.1-1 Swiss army knife of sound processi
Versions of packages asterisk suggests:
pn asterisk-dev <none> (no description available)
ii asterisk-doc 1:1.6.2.9-2+squeeze4 Source code documentation for Aste
pn asterisk-h323 <none> (no description available)
-- Configuration Files:
/etc/default/asterisk changed [not included]
-- no debconf information