2 matches found
[SECURITY] [DLA 4326-1] asterisk security update
Debian LTS Advisory DLA-4326-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 10, 2025 https://wiki.debian.org/LTS Package : asterisk Version : 1:16.28.0dfsg-0+deb11u8 CVE ID : CVE-2025-1131 CVE-2025-54995 Two security vulnerabilities have been discovered...
CVE-2025-1131
A local privilege escalation vulnerability exists in the safeasterisk script included with the Asterisk toolkit package. When Asterisk is started via this script common in SysV init or FreePBX environments, it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating...