Bug#780601: asterisk: CVE-2015-1558: File descriptor leak when incompatible codecs are offered
Salvatore Bonaccorso
carnil at debian.org
Mon Mar 16 15:25:10 UTC 2015
Source: asterisk
Version: 1:13.1.0~dfsg-1
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for asterisk.

CVE-2015-1558[0]:
| Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when
| using the PJSIP channel driver, does not properly reclaim RTP ports,
| which allows remote authenticated users to cause a denial of service
| (file descriptor consumption) via an SDP offer containing only
| incompatible codecs.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-1558
[1] http://downloads.asterisk.org/pub/security/AST-2015-001.html
[2] https://issues.asterisk.org/jira/browse/ASTERISK-24666

Regards,
Salvatore