-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : asterisk Version : 1:11.13.1~dfsg-2+deb8u7 CVE ID : CVE-2019-13161 CVE-2019-18610 CVE-2019-18790
Several vulnerabilites are fixed in Asterisk, an Open Source PBX and telephony toolkit. CVE-2019-13161 An attacker was able to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. CVE-2019-18610 Remote authenticated Asterisk Manager Interface (AMI) users without system authorization could execute arbitrary system commands. CVE-2019-18790 A SIP call hijacking vulnerability. For Debian 8 "Jessie", these problems have been fixed in version 1:11.13.1~dfsg-2+deb8u7. We recommend that you upgrade your asterisk packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl3i15gACgkQiNJCh6LY mLGqxQ//aM0G1zUudUdnVDXvyZw+hlCG1D6YbagtB+4uqCccz7mRVAW2TenRSVRQ mOIeKZgrK5z+tj+oROs2ppeCi3+7LSUWAsBUIdR9FRaW7qI71bUvMYddTte9I1/8 DP9ZJEYizODxfwlBgXv+gq57Jsot053M18BaIfTiAq76RD9c4+C1N9Pvhda0PRi+ UePv/s6yxn/7Xb5oOa+Men8XZv9tTZ+WsOvYpj1WSv6q22Q3C0eni4AUEL9MCfu6 WrNf/2Ndgk/T3BiNfYYWVKvs28ZLTQqo2Vgg3YqvSsaxPzphixtwJ3WiGBaE35T3 VsVn7x9VAb58fw7ty0cYhbL4pqrGjc8W78dqvb1eZqw/4SEoVnWVxQI2EazP8EbW h3AHrV04afmGgBPQO2PnUz1q8O0tHp+s8fCSvvdu0Qv904Ez9QD8vByx1klcolWn +qz16KKmQ1MAfDoyuCHsARZYpN6d8Ra8OCmAwrtn0trmdGag9MQswr6b7QbVLQG+ 7GV9NJNzmtGsvDx+e5HUW5NuJYsO/xF2GhB/QQE4yEjEZY3Ms7GfgmXXL9mXhq6z zC5S9oziNohH8IZCfxgh2PPSI+AkDglrQ12R9uKi/1OtP2aiFNj3MxhxCD2TkiT+ PKiwHlzybYJfwYW6vy7M1iZJxjrkkh2obH84rtiqsUp3bBIuyR0= =RUiS -----END PGP SIGNATURE-----