Your message dated Thu, 07 Dec 2017 15:04:08 +0000
with message-id <[email protected]>
and subject line Bug#883342: fixed in asterisk 1:13.18.3~dfsg-1
has caused the Debian Bug report #883342,
regarding asterisk: CVE-2017-17090: DOS Vulnerability in Asterisk chan_skinny
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
883342: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883342
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: asterisk
Version: 1:13.18.1~dfsg-1
X-Debbugs-CC: [email protected] [email protected]
Severity: grave
Tags: security fixed-upstream upstream
Forwarded: https://issues.asterisk.org/jira/browse/ASTERISK-27452

Hi,

the following vulnerability was published for asterisk.

CVE-2017-17090[0]:
| An issue was discovered in chan_skinny.c in Asterisk Open Source
| 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and
| Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP
| protocol) channel driver is flooded with certain requests, it can cause
| the asterisk process to use excessive amounts of virtual memory,
| eventually causing asterisk to stop processing requests of any kind.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-17090
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17090
[1] https://issues.asterisk.org/jira/browse/ASTERISK-27452
[2] http://downloads.asterisk.org/pub/security/AST-2017-013.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: asterisk
Source-Version: 1:13.18.3~dfsg-1

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bernhard Schmidt <[email protected]> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 07 Dec 2017 15:20:29 +0100
Source: asterisk
Binary: asterisk asterisk-modules asterisk-dahdi asterisk-vpb asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-tests asterisk-doc asterisk-dev asterisk-config
Architecture: source
Version: 1:13.18.3~dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian VoIP Team <[email protected]>
Changed-By: Bernhard Schmidt <[email protected]>
Description:
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-tests - internal test modules of the Asterisk PBX
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
 asterisk-vpb - VoiceTronix devices support for the Asterisk PBX
Closes: 883342
Changes:
 asterisk (1:13.18.3~dfsg-1) unstable; urgency=medium
 .
   * New upstream version 13.18.3~dfsg
     - CVE-2017-17090 / AST-2017-013
       DOS Vulnerability in Asterisk chan_skinny (Closes: #883342)
   * Drop duplicate filter line from d/gbp.conf

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
