Source: asterisk Version: 1:13.18.5~dfsg-1 Severity: grave Tags: patch security upstream
Hi, the following vulnerability was published for asterisk. CVE-2018-7286[0]: | An issue was discovered in Asterisk through 13.19.1, 14.x through | 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through | 13.18-cert2. res_pjsip allows remote authenticated users to crash | Asterisk (segmentation fault) by sending a number of SIP INVITE | messages on a TCP or TLS connection and then suddenly closing the | connection. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-7286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286 [1] http://downloads.asterisk.org/pub/security/AST-2018-005.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore