Your message dated Wed, 7 Jan 2009 19:39:03 +0100
with message-id <[email protected]>
and subject line closing
has caused the Debian Bug report #509686,
regarding [CVE-2008-5558] remote crash of asterisk with realtime IAX2
users/peers
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
509686: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509686
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: asterisk
Version: 1:1.2.13~dfsg-2etch3
Severity: grave
Tags: pending security etch
There is a possibility to remotely crash an Asterisk server if the
server is configured to use realtime IAX2 users. The issue occurs if
either an unknown user attempts to authenticate or if a user that uses
hostname matching attempts to authenticate.
http://downloads.digium.com/pub/asa/AST-2008-012.html
The advisory mentions that the issue is for versions 1.2.26 - 1.2.30.3 ,
however it was introduced in a previous bugfix that has already been
included in Debian, specifically in AST-2007-027.dpatch that was added
in 1:1.2.13~dfsg-2etch3 .
I included this patch in
http://svn.debian.org/viewsvn/pkg-voip?rev=6581&view=rev
--
Tzafrir Cohen
icq#16849755 jabber:[email protected]
+972-50-7952406 mailto:[email protected]
http://www.xorcom.com iax:[email protected]/tzafrir
--- End Message ---
--- Begin Message ---
Version: 1:1.4.0~dfsg-1
The complete 1.4.x release line is not affected.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpOb4a0lpSoj.pgp
Description: PGP signature
--- End Message ---
