[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1523-1] asterisk security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : asterisk
Version        : 1:11.13.1~dfsg-2+deb8u6
CVE ID         : CVE-2018-17281
Debian Bug     : 909554

Sean Bright discovered that Asterisk, a PBX and telephony toolkit,
contained a stack overflow vulnerability in the res_http_websocket.so
module that allowed remote attackers to crash Asterisk via specially
crafted HTTP requests to upgrade the connection to a websocket.

For Debian 8 "Jessie", this problem has been fixed in version
1:11.13.1~dfsg-2+deb8u6.

We recommend that you upgrade your asterisk packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlus3OhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeTi/w/7BoRNB/dPDJNIuSx0/vfy/hV6YT3oNcl6hc9zQREkPCg2Ft7gGVLSdRxW
a0c2ZQYr/JtOdxiBLWa0adPsDyg4NjXUGySsKjeTxhNfyQoW6Za9PssXO8TWGI73
YJAIlZfxNw2nwnKMfUmkuNqKbfVYHrAo/AUKBHk9TrknJwgjsIONddsr5kAG1RIY
Z0l98s7fiGi81C6g+dmo/8eWU7X0VcxcAG+1cLe+FZ6gNXDaqYZIVahmNb1PyIPh
DIgnbu4MIVK2iIjzcXSz1auolRdnUrkOqRbcOtNBxDi+Sz1fpCk+Tdm89ru9QeO2
LFPHXKbjCtVg3ZN+xndeJ+B6as+dHWfdq2t+rXT0fbLN7HNG2Y1ufBOkRD/Uc3AQ
1c7RclRDrxPZhGuqp+buxSDcMzu/fLuhg2eyJa4yb6Ia6dyQ/+pHPhsuHHTHM7qg
E5yKxBhTdo5iBGvGlf9JIAE3JNwpHZTQbSypWa4JVVGr4Uu4VddI4NlYwzt2jbuA
ZZ3uTE3FSP4akS+C2D8BYXi25RCuHUmnlwn2xBuFTNXJTqkFQNs3HNEfi5XdNle+
w+g7LMrbShjInmKvFKnYaRzj4wQOZfuQlofTHXaXzXC66vl7BpVNFcUTjxoK2SBf
2viQa/VZVbK+f/KSR5EKPWcSxukGwBfRinqJVjRG1ejzFuWRL8A=
=zY2P
-----END PGP SIGNATURE-----
Reply to: