This bug was fixed in the package asterisk - 1:1.4.17~dfsg-2ubuntu1
---------------
asterisk (1:1.4.17~dfsg-2ubuntu1) hardy; urgency=low
* SECURITY UPDATE: arbitrary code execution and authentication bypass.
(LP: #210124)
- debian/patches/CVE-2008-1289: Check that incoming RTP payloads are
within buffer limits. Patch from Debian.
- debian/patches/CVE-2008-1332: Ensure that allowguest has been enabled
before deciding that authentication isn't required. Patch from Debian.
- debian/patches/CVE-2008-1333: Interpret logging output as a character
string, not a format string. Patch from Debian.
- References:
+ CVE-2008-1289
+ CVE-2008-1332
+ CVE-2008-1333
+ AST-2008-002
+ AST-2008-003
+ AST-2008-004
* Modify Maintainer value to match the DebianMaintainerField
specification.
-- William Grant <[EMAIL PROTECTED]> Sat, 05 Apr 2008 11:32:12 +1100
** Changed in: asterisk (Ubuntu Hardy)
Status: In Progress => Fix Released
--
[asterisk] several vulnerabilities
https://bugs.launchpad.net/bugs/210124
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
