*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Marc Deslauriers (mdeslaur):
A new security advisory with patches has been recently released by Digium: http://downloads.asterisk.org/pub/security/AST-2012-014.html Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol. ** Affects: asterisk (Ubuntu) Importance: Undecided Status: Incomplete ** Affects: asterisk (Debian) Importance: Unknown Status: Incomplete -- (CVE-2012-5976) AST-2012-014 Crashes due to large stack allocations when using TCP https://bugs.launchpad.net/bugs/1097687 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
