Debian Security Advisory DSA-3964-1 email@example.com https://www.debian.org/security/ Moritz Muehlenhoff September 04, 2017 https://www.debian.org/security/faq
Package : asterisk CVE ID : CVE-2017-14099 CVE-2017-14100
Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in disclosure of RTP connections or the execution of arbitrary shell commands.
For additional information please refer to the upstream advisories: http://downloads.asterisk.org/pub/security/AST-2017-005.html http://downloads.asterisk.org/pub/security/AST-2017-006.html
For the oldstable distribution (jessie), these problems have been fixed in version 1:11.13.1~dfsg-2+deb8u3.
For the stable distribution (stretch), these problems have been fixed in version 1:13.14.1~dfsg-2+deb9u1.
We recommend that you upgrade your asterisk packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: firstname.lastname@example.org