[SECURITY] [DLA 1523-1] asterisk security update

Package : asterisk Version : 1:11.13.1dfsg-2+deb8u6 CVE ID : CVE-2018-17281 Debian Bug : 909554 Sean Bright discovered that Asterisk, a PBX and telephony toolkit, contained a stack overflow vulnerability in the reshttpwebsocket.so module that allowed remote attackers to crash Asterisk via special...

CVE-2018-17281

There is a stack consumption vulnerability in the reshttpwebsocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connecti...

Stack overflow

There is a stack consumption vulnerability in the reshttpwebsocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connecti...

CVE-2018-17281

There is a stack consumption vulnerability in the reshttpwebsocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connecti...

CVE-2018-17281

CVE-2018-17281 affects the Asterisk res_http_websocket.so module and allows an attacker to crash Asterisk by sending a crafted HTTP Upgrade request to websocket. Affected: Asterisk up to 13.23.0, 14.7.x up to 14.7.7, 15.x up to 15.6.0, and Certified Asterisk up to 13.21-cert2. Consequences: denia...

Asterisk DoS Vulnerability (AST-2018-009)

Asterisk is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:digium:asterisk"; if...