[SECURITY] [DSA 4320-1] asterisk security update

2018-10-1621:54:17

lists.debian.org

114

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.617 Medium

EPSS

Percentile

97.8%

JSON

Debian Security Advisory DSA-4320-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
October 16, 2018 https://www.debian.org/security/faq

Package : asterisk
CVE ID : CVE-2018-7284 CVE-2018-7286 CVE-2018-12227 CVE-2018-17281
Debian Bug : 891227 891228 902954 909554

Multiple vulnerabilities have been discovered in Asterisk, an open source
PBX and telephony toolkit, which may result in denial of service or
information disclosure.

For the stable distribution (stretch), these problems have been fixed in
version 1:13.14.1~dfsg-2+deb9u4.

We recommend that you upgrade your asterisk packages.

For the detailed security status of asterisk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/asterisk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9ppc64elasterisk-voicemail-odbcstorage-dbgsym< 1:13.14.1~dfsg-2+deb9u4asterisk-voicemail-odbcstorage-dbgsym_1:13.14.1~dfsg-2+deb9u4_ppc64el.deb
Debian9mips64elasterisk-ooh323< 1:13.14.1~dfsg-2+deb9u4asterisk-ooh323_1:13.14.1~dfsg-2+deb9u4_mips64el.deb
Debian8allasterisk-dev< 1:11.13.1~dfsg-2+deb8u6asterisk-dev_1:11.13.1~dfsg-2+deb8u6_all.deb
Debian8i386asterisk-voicemail-imapstorage< 1:11.13.1~dfsg-2+deb8u6asterisk-voicemail-imapstorage_1:11.13.1~dfsg-2+deb8u6_i386.deb
Debian9s390xasterisk-voicemail-dbgsym< 1:13.14.1~dfsg-2+deb9u4asterisk-voicemail-dbgsym_1:13.14.1~dfsg-2+deb9u4_s390x.deb
Debian9amd64asterisk-dahdi-dbgsym< 1:13.14.1~dfsg-2+deb9u4asterisk-dahdi-dbgsym_1:13.14.1~dfsg-2+deb9u4_amd64.deb
Debian9ppc64elasterisk-modules< 1:13.14.1~dfsg-2+deb9u4asterisk-modules_1:13.14.1~dfsg-2+deb9u4_ppc64el.deb
Debian9mipselasterisk-mobile< 1:13.14.1~dfsg-2+deb9u4asterisk-mobile_1:13.14.1~dfsg-2+deb9u4_mipsel.deb
Debian9mipselasterisk-voicemail-odbcstorage-dbgsym< 1:13.14.1~dfsg-2+deb9u4asterisk-voicemail-odbcstorage-dbgsym_1:13.14.1~dfsg-2+deb9u4_mipsel.deb
Debian9mips64elasterisk-voicemail< 1:13.14.1~dfsg-2+deb9u4asterisk-voicemail_1:13.14.1~dfsg-2+deb9u4_mips64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	ppc64el	asterisk-voicemail-odbcstorage-dbgsym	< 1:13.14.1~dfsg-2+deb9u4	asterisk-voicemail-odbcstorage-dbgsym_1:13.14.1~dfsg-2+deb9u4_ppc64el.deb
Debian	9	mips64el	asterisk-ooh323	< 1:13.14.1~dfsg-2+deb9u4	asterisk-ooh323_1:13.14.1~dfsg-2+deb9u4_mips64el.deb
Debian	8	all	asterisk-dev	< 1:11.13.1~dfsg-2+deb8u6	asterisk-dev_1:11.13.1~dfsg-2+deb8u6_all.deb
Debian	8	i386	asterisk-voicemail-imapstorage	< 1:11.13.1~dfsg-2+deb8u6	asterisk-voicemail-imapstorage_1:11.13.1~dfsg-2+deb8u6_i386.deb
Debian	9	s390x	asterisk-voicemail-dbgsym	< 1:13.14.1~dfsg-2+deb9u4	asterisk-voicemail-dbgsym_1:13.14.1~dfsg-2+deb9u4_s390x.deb
Debian	9	amd64	asterisk-dahdi-dbgsym	< 1:13.14.1~dfsg-2+deb9u4	asterisk-dahdi-dbgsym_1:13.14.1~dfsg-2+deb9u4_amd64.deb
Debian	9	ppc64el	asterisk-modules	< 1:13.14.1~dfsg-2+deb9u4	asterisk-modules_1:13.14.1~dfsg-2+deb9u4_ppc64el.deb
Debian	9	mipsel	asterisk-mobile	< 1:13.14.1~dfsg-2+deb9u4	asterisk-mobile_1:13.14.1~dfsg-2+deb9u4_mipsel.deb
Debian	9	mipsel	asterisk-voicemail-odbcstorage-dbgsym	< 1:13.14.1~dfsg-2+deb9u4	asterisk-voicemail-odbcstorage-dbgsym_1:13.14.1~dfsg-2+deb9u4_mipsel.deb
Debian	9	mips64el	asterisk-voicemail	< 1:13.14.1~dfsg-2+deb9u4	asterisk-voicemail_1:13.14.1~dfsg-2+deb9u4_mips64el.deb