Package: asterisk
Version: 1:1.6.2.9-2+squeeze2
Justification: AST-2011-003: Resource exhaustion in Asterisk Manager Interface
Severity: serious
Tags: security patch upstream

Rapidly opening manager connections, sending invalid data, and closing the connection can cause Asterisk to exhaust available CPU and memory resources.

The manager interface is disabled by default in upstream, but enabled by default (listening on localhost only) in the version in Debian 5.0 (Lenny) and 6.0 (Squeeze).

See also http://downloads.asterisk.org/pub/security/AST-2011-003.html

Patches are available in SVN (branches 'squeeze' and 'lenny-security').

-- 
Tzafrir Cohen         | [email protected] | VIM is
http://tzafrir.org.il |                   | a Mutt's
[email protected]     |                   | best
[email protected]     |                   | friend

