Debian Security Advisory DSA-2225-1        firstname.lastname@example.org
http://www.debian.org/security/            Moritz Muehlenhoff
April 25, 2011                             http://www.debian.org/security/faq

Package        : asterisk
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1147 CVE-2011-1174 CVE-2011-1175 CVE-2011-1507 CVE-2011-1599

Several vulnerabilities have been discovered in Asterisk, an Open Source PBX and telephony toolkit.
Matthew Nicholson discovered that incorrect handling of UDPTL packets may lead to denial of service or the execution of arbitrary code.
Blake Cornell discovered that incorrect connection handling in the manager interface may lead to denial of service.
Blake Cornell and Chris May discovered that incorrect TCP connection handling may lead to denial of service.
Tzafrir Cohen discovered that insufficient limitation of connection requests in several TCP based services may lead to denial of service. Please see http://downloads.asterisk.org/pub/security/AST-2011-005.html for details.
Matthew Nicholson discovered a privilege escalation vulnerability in the manager interface.
For the oldstable distribution (lenny), this problem has been fixed in version 1:126.96.36.199~dfsg-3+lenny2.1.
For the stable distribution (squeeze), this problem has been fixed in version 1:188.8.131.52-2+squeeze2.
For the unstable distribution (sid), this problem has been fixed in version 1:184.108.40.206-1.
We recommend that you upgrade your asterisk packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: email@example.com