asterisk -- integer overflow

2006-12-06T00:00:00
ID DSA-1229
Type debian
Reporter Debian
Modified 2006-12-06T00:00:00

Description

Adam Boileau discovered an integer overflow in the Skinny channel driver in Asterisk, an Open Source Private Branch Exchange or telephone system, as used by Cisco SCCP phones, which allows remote attackers to execute arbitrary code.

For the stable distribution (sarge) this problem has been fixed in version 1.0.7.dfsg.1-2sarge4.

For the unstable distribution (sid) this problem has been fixed in version 1.2.13~dfsg-1.

We recommend that you upgrade your asterisk packages.