Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-2605-2:4DD7B
HistoryJan 19, 2013 - 2:01 p.m.

[SECURITY] [DSA 2605-2] asterisk regression update

2013-01-1914:01:19
lists.debian.org
16

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.012 Low

EPSS

Percentile

85.2%

JSON

Debian Security Advisory DSA-2605-2 [email protected]
http://www.debian.org/security/ Thijs Kinkhorst
January 19, 2013 http://www.debian.org/security/faq

Package : asterisk
Vulnerability : several issues
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-5976 CVE-2012-5977
Debian Bug : 697230 698112 698118

The security update released in DSA 2605 for Asterisk, caused a
regression that could lead to crashes. Updated packages have now been
made available to correct that behaviour. For reference, the original
advisory text follows.

Several vulnerabilities were discovered in Asterisk, a PBX and telephony
toolkit, that allow remote attackers to perform denial of service
attacks.

For the stable distribution (squeeze), these problems have been fixed in
version 1:1.6.2.9-2+squeeze10.

For the testing distribution (wheezy) and unstable distribution (sid),
these problems will be fixed soon.

We recommend that you upgrade your asterisk packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6powerpcasterisk-h323< 1:1.6.2.9-2+squeeze9asterisk-h323_1:1.6.2.9-2+squeeze9_powerpc.deb
Debian6ia64asterisk< 1:1.6.2.9-2+squeeze9asterisk_1:1.6.2.9-2+squeeze9_ia64.deb
Debian6allasterisk-dev< 1:1.6.2.9-2+squeeze9asterisk-dev_1:1.6.2.9-2+squeeze9_all.deb
Debian6sparcasterisk< 1:1.6.2.9-2+squeeze9asterisk_1:1.6.2.9-2+squeeze9_sparc.deb
Debian6powerpcasterisk-dbg< 1:1.6.2.9-2+squeeze9asterisk-dbg_1:1.6.2.9-2+squeeze9_powerpc.deb
Debian6allasterisk-config< 1:1.6.2.9-2+squeeze9asterisk-config_1:1.6.2.9-2+squeeze9_all.deb
Debian6armelasterisk< 1:1.6.2.9-2+squeeze9asterisk_1:1.6.2.9-2+squeeze9_armel.deb
Debian6mipsasterisk< 1:1.6.2.9-2+squeeze9asterisk_1:1.6.2.9-2+squeeze9_mips.deb
Debian6armelasterisk-h323< 1:1.6.2.9-2+squeeze9asterisk-h323_1:1.6.2.9-2+squeeze9_armel.deb
Debian6i386asterisk-dbg< 1:1.6.2.9-2+squeeze9asterisk-dbg_1:1.6.2.9-2+squeeze9_i386.deb
Rows per page:
1-10 of 321

Related

nessus 9
fedora 3
openvas 9
debian 1
freebsd 1
securityvulns 3
osv 1
prion 3
cve 3
debiancve 3
ubuntucve 3
checkpoint_advisories 1
gentoo 1
nessus
nessus
Fedora 16 : asterisk-1.8.20.0-1.fc16 (2013-0992)
2013-01-31 00:00:00
Asterisk Peer Multiple Vulnerabilities (AST-2012-014 / AST-2012-015)
2013-02-21 00:00:00
Fedora 17 : asterisk-10.12.0-1.fc17 (2013-0994)
2013-01-31 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: asterisk-11.2.0-1.fc18
2013-01-30 00:33:07
[SECURITY] Fedora 16 Update: asterisk-1.8.20.0-1.fc16
2013-01-30 00:55:24
[SECURITY] Fedora 17 Update: asterisk-10.12.0-1.fc17
2013-01-30 00:36:44
openvas
openvas
Fedora Update for asterisk FEDORA-2013-1003
2013-01-31 00:00:00
Fedora Update for asterisk FEDORA-2013-0992
2013-01-31 00:00:00
Debian: Security Advisory (DSA-2605-1)
2013-01-18 00:00:00
debian
debian
[SECURITY] [DSA 2605-1] asterisk security update
2013-01-13 20:36:39
freebsd
freebsd
asterisk -- multiple vulnerabilities
2013-01-02 00:00:00
securityvulns
securityvulns
Asterisk security vulnerabilities
2013-01-05 00:00:00
AST-2012-015: Denial of Service Through Exploitation of Device State Caching
2013-01-05 00:00:00
AST-2012-014: Crashes due to large stack allocations when using TCP
2013-01-05 00:00:00
osv
osv
asterisk - several issues
2013-01-19 00:00:00
prion
prion
Design/Logic Flaw
2013-01-04 15:55:00
Stack overflow
2013-01-04 11:52:00
Design/Logic Flaw
2013-04-01 16:55:00
cve
cve
CVE-2012-5977
2013-01-04 15:55:00
CVE-2012-5976
2013-01-04 11:52:00
CVE-2013-2686
2013-04-01 16:55:00
debiancve
debiancve
CVE-2012-5977
2013-01-04 15:55:00
CVE-2012-5976
2013-01-04 11:52:00
CVE-2013-2686
2013-04-01 16:55:00
ubuntucve
ubuntucve
CVE-2012-5977
2013-01-04 00:00:00
CVE-2012-5976
2013-01-04 00:00:00
CVE-2013-2686
2013-04-01 00:00:00
checkpoint_advisories
checkpoint_advisories
Digium Asterisk HTTP Management Interface Stack Overflow (CVE-2012-5976; CVE-2013-2686)
2013-01-20 00:00:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2014-01-21 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.012 Low

EPSS

Percentile

85.2%

JSON
Related for DEBIAN:DSA-2605-2:4DD7B
nessus9fedora3openvas9debian1freebsd1securityvulns3osv1prion3cve3debiancve3ubuntucve3checkpoint_advisories1gentoo1