[SECURITY] [DSA 2550-1] asterisk security update

2012-09-18T17:19:18
ID DEBIAN:DSA-2550-1:D149A
Type debian
Reporter Debian
Modified 2012-09-18T17:19:18

Description


Debian Security Advisory DSA-2550-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff September 18, 2012 http://www.debian.org/security/faq


Package : asterisk Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2012-2186 CVE-2012-3812 CVE-2012-3863 CVE-2012-4737

Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, allowing privilege escalation in the Asterisk Manager, denial of service or privilege escalation.

More detailed information can be found in the Asterisk advisories: http://downloads.asterisk.org/pub/security/AST-2012-010.html http://downloads.asterisk.org/pub/security/AST-2012-011.html http://downloads.asterisk.org/pub/security/AST-2012-012.html http://downloads.asterisk.org/pub/security/AST-2012-013.html

For the stable distribution (squeeze), these problems have been fixed in version 1:1.6.2.9-2+squeeze7.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 1:1.8.13.1~dfsg-1.

We recommend that you upgrade your asterisk packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org