Source: asterisk Version: 1:13.18.1~dfsg-1 Severity: grave Tags: patch security upstream
Hi, the following vulnerability was published for asterisk. CVE-2017-17664[0]: | A Remote Crash issue was discovered in Asterisk Open Source 13.x before | 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified | Asterisk before 13.13-cert9. Certain compound RTCP packets cause a | crash in the RTCP Stack. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-17664 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17664 [1] http://downloads.digium.com/pub/security/AST-2017-012.html [2] https://issues.asterisk.org/jira/browse/ASTERISK-27382 [3] https://issues.asterisk.org/jira/browse/ASTERISK-27429 Please adjust the affected versions in the BTS as needed. Regards, Salvatore