asterisk (1:1.4.17~dfsg-2ubuntu1.1) hardy-security; urgency=low

  * SECURITY UPDATE: ACK response spoofing
    - added debian/patches/CVE-2008-1897: Adjust chan_iax2.c to use a
      special id to prevent ACK response spoofing. Based on upstream patch.
    - CVE-2008-1897
    - AST-2008-006
  * SECURITY UPDATE: POKE request flooding
    - added debian/patches/CVE-2008-3263: Adjust chan_iax2.c to prevent
      'POKE' request flooding. Based on upstream patch.
    - CVE-2008-3263
    - AST-2008-010
  * SECURITY UPDATE: firmware packet flooding
    - added debian/patches/CVE-2008-3264: Adjust chan_iax2.c to prevent
      firmware packet flooding. Based on upstream patch.
    - CVE-2008-3264
    - AST-2008-011
  * SECURITY UPDATE: information leak in IAX2 authentication
    - added debian/patches/CVE-2009-0041: Adjust chan_iax2.c to fix
      information leak in IAX2 authentication. Based on upstream patch.
    - CVE-2009-0041
    - AST-2009-001
  * SECURITY UPDATE: SIP responses expose valid usernames
    - added debian/patches/CVE-2008-3903: Adjust chan_sip.c to make it
      more difficult to scan for available usernames.
    - CVE-2008-3903
    - AST-2009-003
  * SECURITY UPDATE: An attacker could hijack a manager session
    - added debian/patches/CVE-2008-1390: Adjust manager.c to never
      assign an invalid id of 0
    - CVE-2008-1390
    - AST-2008-005
** Changed in: asterisk (Ubuntu Hardy)
       Status: Fix Committed => Fix Released

--
Fix vulnerabilities in channels/chan_ia2x.c
https://bugs.launchpad.net/bugs/345217