Bug#773230: asterisk: CVE-2014-9374
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 15 20:26:41 UTC 2014
Source: asterisk
Version: 1:11.13.0~dfsg-1
Severity: important
Tags: security upstream fixed-upstream
Hi,
the following vulnerability was published for asterisk.
CVE-2014-9374[0]:
| Double free vulnerability in the WebSocket Server (res_http_websocket
| module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2,
| and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9
| allows remote attackers to cause a denial of service (crash) by sending
| a zero length frame after a non-zero length frame.
No description was found (try on a search engine)
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-9374
Regards,
Salvatore
More information about the Pkg-voip-maintainers
mailing list