Package: asterisk
Version: 1:1.2.13~dfsg-2etch3
Severity: grave
Tags: pending security etch

There is a possibility to remotely crash an Asterisk server if the server is configured to use realtime IAX2 users. The issue occurs if either an unknown user attempts to authenticate or if a user that uses hostname matching attempts to authenticate.

http://downloads.digium.com/pub/asa/AST-2008-012.html

The advisory mentions that the issue is for versions 1.2.26 - 1.2.30.3, however it was introduced in a previous bugfix that has already been included in Debian, specifically in AST-2007-027.dpatch that was added in 1:1.2.13~dfsg-2etch3.

I included this patch in http://svn.debian.org/viewsvn/pkg-voip?rev=6581&view=rev

-- 
Tzafrir Cohen
icq#16849755 jabber:[email protected]
+972-50-7952406 mailto:[email protected]
http://www.xorcom.com iax:[email protected]/tzafrir

