Bug#771463: CVE-2014-8418 CVE-2014-8412 CVE-2014-8414 CVE-2014-8417
Daniel Pocock
daniel at pocock.pro
Sun Dec 7 19:07:48 UTC 2014
On 29/11/14 22:33, Moritz Muehlenhoff wrote:
> Source: asterisk
> Severity: grave
> Tags: security
>
> Please see
> http://downloads.digium.com/pub/security/AST-2014-018.html
> http://downloads.digium.com/pub/security/AST-2014-017.html
> http://downloads.digium.com/pub/security/AST-2014-014.html
> http://downloads.digium.com/pub/security/AST-2014-012.html
>
Could you comment on why these are grouped together and why it is a
grave issue?
For people running Asterisk on private LANs and VPNs or not using some
of these features these issues may not have any impact.
Personally, I do not connect Asterisk directly to the public Internet,
it is always behind a secure SIP proxy. This makes the problems in
Asterisk acceptable for my own purposes.
More information about the Pkg-voip-maintainers
mailing list