-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : asterisk Version : 1:11.13.1~dfsg-2+deb8u6 CVE ID : CVE-2018-17281 Debian Bug : 909554
Sean Bright discovered that Asterisk, a PBX and telephony toolkit, contained a stack overflow vulnerability in the res_http_websocket.so module that allowed remote attackers to crash Asterisk via specially crafted HTTP requests to upgrade the connection to a websocket. For Debian 8 "Jessie", this problem has been fixed in version 1:11.13.1~dfsg-2+deb8u6. We recommend that you upgrade your asterisk packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlus3OhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTi/w/7BoRNB/dPDJNIuSx0/vfy/hV6YT3oNcl6hc9zQREkPCg2Ft7gGVLSdRxW a0c2ZQYr/JtOdxiBLWa0adPsDyg4NjXUGySsKjeTxhNfyQoW6Za9PssXO8TWGI73 YJAIlZfxNw2nwnKMfUmkuNqKbfVYHrAo/AUKBHk9TrknJwgjsIONddsr5kAG1RIY Z0l98s7fiGi81C6g+dmo/8eWU7X0VcxcAG+1cLe+FZ6gNXDaqYZIVahmNb1PyIPh DIgnbu4MIVK2iIjzcXSz1auolRdnUrkOqRbcOtNBxDi+Sz1fpCk+Tdm89ru9QeO2 LFPHXKbjCtVg3ZN+xndeJ+B6as+dHWfdq2t+rXT0fbLN7HNG2Y1ufBOkRD/Uc3AQ 1c7RclRDrxPZhGuqp+buxSDcMzu/fLuhg2eyJa4yb6Ia6dyQ/+pHPhsuHHTHM7qg E5yKxBhTdo5iBGvGlf9JIAE3JNwpHZTQbSypWa4JVVGr4Uu4VddI4NlYwzt2jbuA ZZ3uTE3FSP4akS+C2D8BYXi25RCuHUmnlwn2xBuFTNXJTqkFQNs3HNEfi5XdNle+ w+g7LMrbShjInmKvFKnYaRzj4wQOZfuQlofTHXaXzXC66vl7BpVNFcUTjxoK2SBf 2viQa/VZVbK+f/KSR5EKPWcSxukGwBfRinqJVjRG1ejzFuWRL8A= =zY2P -----END PGP SIGNATURE-----
