Control: retitle -1 asterisk: chan_sip: File descriptors leak (UDP sockets) / 
AST-2016-007, CVE-2016-7551
Control: found -1 1:13.7.2~dfsg-1

If I understand the jira tracker correctly, the patch available from
will solve this issue.

The security problem seem to be that "a peer which is authorized to sent
SIP INVITE to an asterisk configured with chan_sip using overlap dialing
can then create a denial-of-service attack by exhausting all the file
descriptors available for the asterisk process."

Is that significant enough for a stable update?  I guess so.

According to the upstream tracker, the problem was first discovered in
version 13.5.  Updating the BTS version tracking with the first Debian
version after that.

Happy hacking
Petter Reinholdtsen

Reply via email to