asterisk - several

2011-12-1900:00:00

Google

osv.dev

0.042 Low

EPSS

Percentile

92.3%

JSON

Several vulnerabilities have been discovered in Asterisk, an Open
Source PBX and telephony toolkit:

CVE-2011-4597
Ben Williams discovered that it was possible to enumerate SIP
user names in some configurations. Please see the upstream
advisory for details.

This update only modifies the sample sip.conf configuration
file. Please see README.Debian for more information on how
to update your installation.

CVE-2011-4598
Kristijan Vrban discovered that Asterisk can be crashed with
malformed SIP packets if the automon feature is enabled.

For the oldstable distribution (lenny), this problem has been fixed in
version 1:1.4.21.2~dfsg-3+lenny6.

For the stable distribution (squeeze), this problem has been fixed in
version 1:1.6.2.9-2+squeeze4.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.8.8.0~dfsg-1.

We recommend that you upgrade your asterisk packages.

CPENameOperatorVersion
asteriskeq1:1.4.21.2~dfsg-3
asteriskeq1:1.4.21.2~dfsg-3+lenny1
asteriskeq1:1.4.21.2~dfsg-3+lenny2
asteriskeq1:1.4.21.2~dfsg-3+lenny2.1
asteriskeq1:1.4.21.2~dfsg-3+lenny3
asteriskeq1:1.4.21.2~dfsg-3+lenny5

Name	Operator	Version
asterisk	eq	1:1.4.21.2~dfsg-3
asterisk	eq	1:1.4.21.2~dfsg-3+lenny1
asterisk	eq	1:1.4.21.2~dfsg-3+lenny2
asterisk	eq	1:1.4.21.2~dfsg-3+lenny2.1
asterisk	eq	1:1.4.21.2~dfsg-3+lenny3
asterisk	eq	1:1.4.21.2~dfsg-3+lenny5