Lucene search

DebianDEBIAN:DSA-3990-1:CD2C7

HistoryOct 03, 2017 - 9:32 p.m.

[SECURITY] [DSA 3990-1] asterisk security update

2017-10-0321:32:33

lists.debian.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.8%

JSON

Debian Security Advisory DSA-3990-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
October 03, 2017 https://www.debian.org/security/faq

Package : asterisk
CVE ID : CVE-2017-14603

Klaus-Peter Junghann discovered that insufficient validation of RTCP
packets in Asterisk may result in an information leak. Please see the
upstream advisory at
http://downloads.asterisk.org/pub/security/AST-2017-008.html for
additional details.

For the oldstable distribution (jessie), this problem has been fixed
in version 1:11.13.1~dfsg-2+deb8u4.

For the stable distribution (stretch), this problem has been fixed in
version 1:13.14.1~dfsg-2+deb9u2.

We recommend that you upgrade your asterisk packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9ppc64elasterisk-dahdi< 1:13.14.1~dfsg-2+deb9u2asterisk-dahdi_1:13.14.1~dfsg-2+deb9u2_ppc64el.deb
Debian9armelasterisk-voicemail-odbcstorage-dbgsym< 1:13.14.1~dfsg-2+deb9u2asterisk-voicemail-odbcstorage-dbgsym_1:13.14.1~dfsg-2+deb9u2_armel.deb
Debian8amd64asterisk-mp3< 1:11.13.1~dfsg-2+deb8u4asterisk-mp3_1:11.13.1~dfsg-2+deb8u4_amd64.deb
Debian8powerpcasterisk-mp3< 1:11.13.1~dfsg-2+deb8u4asterisk-mp3_1:11.13.1~dfsg-2+deb8u4_powerpc.deb
Debian9mipselasterisk-vpb< 1:13.14.1~dfsg-2+deb9u2asterisk-vpb_1:13.14.1~dfsg-2+deb9u2_mipsel.deb
Debian8armelasterisk-modules< 1:11.13.1~dfsg-2+deb8u4asterisk-modules_1:11.13.1~dfsg-2+deb8u4_armel.deb
Debian8ppc64elasterisk-mysql< 1:11.13.1~dfsg-2+deb8u4asterisk-mysql_1:11.13.1~dfsg-2+deb8u4_ppc64el.deb
Debian9s390xasterisk-voicemail-odbcstorage< 1:13.14.1~dfsg-2+deb9u2asterisk-voicemail-odbcstorage_1:13.14.1~dfsg-2+deb9u2_s390x.deb
Debian9arm64asterisk-mp3< 1:13.14.1~dfsg-2+deb9u2asterisk-mp3_1:13.14.1~dfsg-2+deb9u2_arm64.deb
Debian9ppc64elasterisk-voicemail-imapstorage< 1:13.14.1~dfsg-2+deb9u2asterisk-voicemail-imapstorage_1:13.14.1~dfsg-2+deb9u2_ppc64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	ppc64el	asterisk-dahdi	< 1:13.14.1~dfsg-2+deb9u2	asterisk-dahdi_1:13.14.1~dfsg-2+deb9u2_ppc64el.deb
Debian	9	armel	asterisk-voicemail-odbcstorage-dbgsym	< 1:13.14.1~dfsg-2+deb9u2	asterisk-voicemail-odbcstorage-dbgsym_1:13.14.1~dfsg-2+deb9u2_armel.deb
Debian	8	amd64	asterisk-mp3	< 1:11.13.1~dfsg-2+deb8u4	asterisk-mp3_1:11.13.1~dfsg-2+deb8u4_amd64.deb
Debian	8	powerpc	asterisk-mp3	< 1:11.13.1~dfsg-2+deb8u4	asterisk-mp3_1:11.13.1~dfsg-2+deb8u4_powerpc.deb
Debian	9	mipsel	asterisk-vpb	< 1:13.14.1~dfsg-2+deb9u2	asterisk-vpb_1:13.14.1~dfsg-2+deb9u2_mipsel.deb
Debian	8	armel	asterisk-modules	< 1:11.13.1~dfsg-2+deb8u4	asterisk-modules_1:11.13.1~dfsg-2+deb8u4_armel.deb
Debian	8	ppc64el	asterisk-mysql	< 1:11.13.1~dfsg-2+deb8u4	asterisk-mysql_1:11.13.1~dfsg-2+deb8u4_ppc64el.deb
Debian	9	s390x	asterisk-voicemail-odbcstorage	< 1:13.14.1~dfsg-2+deb9u2	asterisk-voicemail-odbcstorage_1:13.14.1~dfsg-2+deb9u2_s390x.deb
Debian	9	arm64	asterisk-mp3	< 1:13.14.1~dfsg-2+deb9u2	asterisk-mp3_1:13.14.1~dfsg-2+deb9u2_arm64.deb
Debian	9	ppc64el	asterisk-voicemail-imapstorage	< 1:13.14.1~dfsg-2+deb9u2	asterisk-voicemail-imapstorage_1:13.14.1~dfsg-2+deb9u2_ppc64el.deb