Source: asterisk
Version: 1:13.22.0~dfsg-2
Severity: grave
Tags: security upstream

Hi,

The following vulnerability was published for asterisk.

CVE-2018-17281[0]:
| There is a stack consumption vulnerability in the
| res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x
| through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through
| 13.21-cert2. It allows an attacker to crash Asterisk via a specially
| crafted HTTP request to upgrade the connection to a websocket.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-17281
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281
[1] http://downloads.asterisk.org/pub/security/AST-2018-009.html
[2] https://issues.asterisk.org/jira/browse/ASTERISK-28013

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore