OSV:DSA-1358-1
History: Aug 26, 2007 - 12:00 a.m.

asterisk

Google
osv.dev

CVSS2: 10 High

  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.967 High
Percentile: 99.4%

Several remote vulnerabilities have been discovered in Asterisk, a free
software PBX and telephony toolkit. The Common Vulnerabilities and
Exposures project identifies the following problems:

  • CVE-2007-1306
    Mu Security discovered that a NULL pointer dereference in the SIP
    implementation could lead to denial of service.
  • CVE-2007-1561
    Inria Lorraine discovered that a programming error in the SIP
    implementation could lead to denial of service.
  • CVE-2007-2294
    It was discovered that a NULL pointer dereference in the manager
    interface could lead to denial of service.
  • CVE-2007-2297
    It was discovered that a programming error in the SIP implementation
    could lead to denial of service.
  • CVE-2007-2488
    Tim Panton and Birgit Arkestein discovered that a programming error
    in the IAX2 implementation could lead to information disclosure.
  • CVE-2007-3762
    Russell Bryant discovered that a buffer overflow in the IAX
    implementation could lead to the execution of arbitrary code.
  • CVE-2007-3763
    Chris Clark and Zane Lackey discovered that several NULL pointer
    dereferences in the IAX2 implementation could lead to denial of
    service.
  • CVE-2007-3764
    Will Drewry discovered that a programming error in the Skinny
    implementation could lead to denial of service.

For the oldstable distribution (sarge) these problems have been fixed in
version 1.0.7.dfsg.1-2sarge5.

For the stable distribution (etch) these problems have been fixed
in version 1:1.2.13~dfsg-2etch1.

For the unstable distribution (sid) these problems have been fixed in
version 1:1.4.11~dfsg-1.

We recommend that you upgrade your Asterisk packages.
