Source: asterisk
Version: 1:13.17.2~dfsg-1
Severity: important
Tags: patch security upstream
Forwarded: https://issues.asterisk.org/jira/browse/ASTERISK-27337

Hi,

the following vulnerability was published for asterisk.

CVE-2017-16671[0]:
| A Buffer Overflow issue was discovered in Asterisk Open Source 13
| before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified
| Asterisk 13.13 before 13.13-cert7. No size checking is done when
| setting the user field for Party B on a CDR. Thus, it is possible for
| someone to use an arbitrarily large string and write past the end of
| the user field storage buffer. NOTE: this is different from
| CVE-2017-7617, which was only about the Party A buffer.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-16671
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16671
[1] https://issues.asterisk.org/jira/browse/ASTERISK-27337
[2] http://downloads.asterisk.org/pub/security/AST-2017-010.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
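
The missing size check described in the CVE text above, as an added C example that is not Asterisk's code and not part of the original report: the struct layout, the field size and all function names are hypothetical. It contrasts an unchecked copy into the Party B user field with a setter that applies the same bounded copy to both parties.

```c
#include <stdio.h>
#include <string.h>

#define USERFIELD_LEN 64                 /* assumed size, for illustration only */
enum party { PARTY_A, PARTY_B };

/* Hypothetical, simplified CDR record: one fixed-size user field per party. */
struct cdr_record {
    char party_a_userfield[USERFIELD_LEN];
    char party_b_userfield[USERFIELD_LEN];
    char linkedid[32];                   /* adjacent data an overflow of Party B would clobber */
};

/* Bounded copy that always NUL-terminates; returns 1 if src had to be truncated. */
static int copy_bounded(char *dst, size_t dst_len, const char *src)
{
    if (dst_len == 0) return 1;
    size_t n = strlen(src);
    int truncated = n >= dst_len;
    if (truncated) n = dst_len - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}

/* Pattern from the report, kept for contrast and never called: no size check on Party B. */
void set_party_b_userfield_unchecked(struct cdr_record *cdr, const char *value)
{
    strcpy(cdr->party_b_userfield, value);   /* writes past the field if value is too long */
}

/* Hardened setter: Party A and Party B go through the same size-checked copy. */
int set_userfield(struct cdr_record *cdr, enum party who, const char *value)
{
    char *dst = (who == PARTY_A) ? cdr->party_a_userfield : cdr->party_b_userfield;
    return copy_bounded(dst, USERFIELD_LEN, value);
}

int main(void)
{
    struct cdr_record cdr = { .linkedid = "constructed-id" };
    char big[1024];

    memset(big, 'B', sizeof(big) - 1);       /* constructed oversized input */
    big[sizeof(big) - 1] = '\0';
    printf("truncated=%d len=%zu linkedid=%s\n", set_userfield(&cdr, PARTY_B, big),
           strlen(cdr.party_b_userfield), cdr.linkedid);
    return 0;
}
```
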

