13 matches found
[SECURITY] Fedora 44 Update: asterisk-18.26.4-1.fc44
Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware...
Fedora 44 : asterisk (2026-38d71393c1)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-38d71393c1 advisory. Update to Asterisk 18.26.4, addressing numerous security vulnerabilities accumulated since the long-stale 18.12.1 package. The following CVEs are...
EUVD-2007-6140
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-17664
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before...
CVE-2024-57520
Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier because the impact is limited to creating empty files outside of the Asterisk product directory aka directory traversal...
UBUNTU-CVE-2021-32558
An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur...
PT-2021-5541 · Asterisk +2
Name of the Vulnerable Software and Affected Versions: Asterisk versions 13.x through 13.38.2 Asterisk versions 16.x through 16.19.0 Asterisk versions 17.x through 17.9.3 Asterisk versions 18.x through 18.5.0 Certified Asterisk versions prior to 16.8-cert10 Description: The issue is related to...
DEBIAN-CVE-2020-35776
A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows a remote attacker to crash Asterisk by deliberately misusing SIP 181 responses...
CVE-2016-7550
asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service remote...
DEBIAN-CVE-2009-4055
rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of...
CVE-2008-1923
The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service traffic...
Asterisk <= 1.2.16 / 1.4.1 SIP INVITE Remote Denial of Service Exploit
No description provided by source. !/usr/bin/perl perl asterisk-Invite.pl 192.168.1.104 5060 userX 192.168.1.2 5060 userY use IO::Socket::INET; die "Usage $0 dst dport dusername src sport susername" unless $ARGV5; $socket=new IO::Socket::INET-newPeerPort=$ARGV1, Proto='udp', PeerAddr=$ARGV0;...
Asterisk Skinny Channel Driver (chan_skinny) get_input Function Remote Overflow
The chan_skinny channel driver included in the version of Asterisk running on the remote host does not properly validate the length header in incoming packets. An unauthenticated, remote attacker may be able to leverage this flaw to execute code on the affected host subject to the privileges under...