Debian Security Advisory
DSA-2749-1 asterisk -- several vulnerabilities
- Date Reported:
- 02 Sep 2013
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2013-5641, CVE-2013-5642.
- More information:
Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in the SIP processing code of Asterisk - an open source PBX and telephony toolkit -, which could result in denial of service.
For the oldstable distribution (squeeze), these problems have been fixed in version 1:18.104.22.168-2+squeeze11.
For the stable distribution (wheezy), these problems have been fixed in version 22.214.171.124~dfsg-3+deb7u1.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your asterisk packages.