Debian Security Advisory
DSA-3990-1 asterisk -- security update
- Date Reported:
- 03 Oct 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-14603.
- More information:
Klaus-Peter Junghann discovered that insufficient validation of RTCP packets in Asterisk may result in an information leak. Please see the upstream advisory at http://downloads.asterisk.org/pub/security/AST-2017-008.html for additional details.
For the oldstable distribution (jessie), this problem has been fixed in version 1:11.13.1~dfsg-2+deb8u4.
For the stable distribution (stretch), this problem has been fixed in version 1:13.14.1~dfsg-2+deb9u2.
We recommend that you upgrade your asterisk packages.