[SECURITY] [DLA 2017-1] asterisk security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : asterisk
Version : 1:11.13.1~dfsg-2+deb8u7
CVE ID : CVE-2019-13161 CVE-2019-18610 CVE-2019-18790
Several vulnerabilites are fixed in Asterisk,
an Open Source PBX and telephony toolkit.
CVE-2019-13161
An attacker was able to crash Asterisk when handling an SDP answer to an
outgoing T.38 re-invite.
CVE-2019-18610
Remote authenticated Asterisk Manager Interface (AMI) users without
system authorization could execute arbitrary system commands.
CVE-2019-18790
A SIP call hijacking vulnerability.
For Debian 8 "Jessie", these problems have been fixed in version
1:11.13.1~dfsg-2+deb8u7.
We recommend that you upgrade your asterisk packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl3i15gACgkQiNJCh6LY
mLGqxQ//aM0G1zUudUdnVDXvyZw+hlCG1D6YbagtB+4uqCccz7mRVAW2TenRSVRQ
mOIeKZgrK5z+tj+oROs2ppeCi3+7LSUWAsBUIdR9FRaW7qI71bUvMYddTte9I1/8
DP9ZJEYizODxfwlBgXv+gq57Jsot053M18BaIfTiAq76RD9c4+C1N9Pvhda0PRi+
UePv/s6yxn/7Xb5oOa+Men8XZv9tTZ+WsOvYpj1WSv6q22Q3C0eni4AUEL9MCfu6
WrNf/2Ndgk/T3BiNfYYWVKvs28ZLTQqo2Vgg3YqvSsaxPzphixtwJ3WiGBaE35T3
VsVn7x9VAb58fw7ty0cYhbL4pqrGjc8W78dqvb1eZqw/4SEoVnWVxQI2EazP8EbW
h3AHrV04afmGgBPQO2PnUz1q8O0tHp+s8fCSvvdu0Qv904Ez9QD8vByx1klcolWn
+qz16KKmQ1MAfDoyuCHsARZYpN6d8Ra8OCmAwrtn0trmdGag9MQswr6b7QbVLQG+
7GV9NJNzmtGsvDx+e5HUW5NuJYsO/xF2GhB/QQE4yEjEZY3Ms7GfgmXXL9mXhq6z
zC5S9oziNohH8IZCfxgh2PPSI+AkDglrQ12R9uKi/1OtP2aiFNj3MxhxCD2TkiT+
PKiwHlzybYJfwYW6vy7M1iZJxjrkkh2obH84rtiqsUp3bBIuyR0=
=RUiS
-----END PGP SIGNATURE-----
Reply to: