Lucene search

Gentoo FoundationGLSA-201405-05

HistoryMay 03, 2014 - 12:00 a.m.

Asterisk: Denial of service

2014-05-0300:00:00

Gentoo Foundation

security.gentoo.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.63 Medium

EPSS

Percentile

97.8%

JSON

Background

Asterisk is an open source telephony engine and toolkit.

Description

Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers and Asterisk Project Security Advisories referenced below for details.

Impact

A remote attacker could possibly cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Asterisk 11.* users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-11.8.1"

All Asterisk 1.8.* users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-1.8.26.1"

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-misc/asterisk< 11.8.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	net-misc/asterisk	< 11.8.1	UNKNOWN

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.63 Medium

EPSS

Percentile

97.8%

JSON

Related for GLSA-201405-05