Bug#509686: marked as done ([CVE-2008-5558] remote crash of asterisk with realtime IAX2 users/peers)

Wed, 07 Jan 2009 10:43:11 -0800 

Your message dated Wed, 7 Jan 2009 19:39:03 +0100
with message-id <20090107183903.ga24...@ngolde.de>
and subject line closing
has caused the Debian Bug report #509686,
regarding [CVE-2008-5558] remote crash of asterisk with realtime IAX2 
users/peers
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
509686: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509686
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: asterisk
Version: 1:1.2.13~dfsg-2etch3
Severity: grave
Tags: pending security etch

There is a possibility to remotely crash an Asterisk server if the
server is configured to use realtime IAX2 users. The issue occurs if
either an unknown user attempts to authenticate or if a user that uses
hostname matching attempts to authenticate.

http://downloads.digium.com/pub/asa/AST-2008-012.html

The advisory mentions that the issue is for versions 1.2.26 - 1.2.30.3 , 
however it was introduced in a previous bugfix that has already been
included in Debian, specifically in AST-2007-027.dpatch that was added
in 1:1.2.13~dfsg-2etch3 .

I included this patch in
http://svn.debian.org/viewsvn/pkg-voip?rev=6581&view=rev

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.co...@xorcom.com
+972-50-7952406           mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com  iax:gu...@local.xorcom.com/tzafrir

--- End Message ---
--- Begin Message --- 
Version: 1:1.4.0~dfsg-1

The complete 1.4.x release line is not affected.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpOb4a0lpSoj.pgp
Description: PGP signature


--- End Message ---

Reply via email to