[SECURITY] [DSA 3964-1] asterisk security update

ID DEBIAN:DSA-3964-1:27F1C
Type debian
Reporter Debian
Modified 2017-09-04T21:32:53


Debian Security Advisory DSA-3964-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 04, 2017 https://www.debian.org/security/faq

Package : asterisk CVE ID : CVE-2017-14099 CVE-2017-14100

Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in disclosure of RTP connections or the execution of arbitrary shell commands.

For additional information please refer to the upstream advisories: http://downloads.asterisk.org/pub/security/AST-2017-005.html http://downloads.asterisk.org/pub/security/AST-2017-006.html

For the oldstable distribution (jessie), these problems have been fixed in version 1:11.13.1~dfsg-2+deb8u3.

For the stable distribution (stretch), these problems have been fixed in version 1:13.14.1~dfsg-2+deb9u1.

We recommend that you upgrade your asterisk packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org