MGASA-2016-0086 Updated asterisk packages fix CVE-2016-2316

Updated asterisk packages fix security vulnerability: chansip in Asterisk Open Source 11.x before 11.21.1, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service file descriptor consumption via vectors related to large...

MGASA-2015-0153 Updated asterisk packages fix CVE-2015-3008

Updated asterisk packages fix security vulnerability: When Asterisk registers to a SIP TLS device and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte...

MGASA-2015-0010 Updated asterisk packages fix CVE-2014-9374

Updated asterisk packages fix security vulnerability: Double free vulnerability in the WebSocket Server reshttpwebsocket module in Asterisk Open Source 11.x before 11.14.2 allows remote attackers to cause a denial of service crash by sending a zero length frame after a non-zero length frame...

MGASA-2014-0490 Updated asterisk packages fix CVE-2014-6610 and mitigate POODLE

Updated asterisk packages fix security vulnerabilities: In Asterisk Open Source 11.x before 11.12.1, when an out of call message, delivered by either the SIP or PJSIP channel driver or the XMPP stack, is handled in Asterisk, a crash can occur if the channel servicing the message is sent into the...

MGASA-2013-0384 Updated asterisk packages fix CVE-2013-7100

Updated asterisk packages fix security vulnerability: Buffer overflow in the unpacksms16 function in apps/appsms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified...