This bug was fixed in the package asterisk - 1:1.6.2.0~rc2-0ubuntu1.1

---------------
asterisk (1:1.6.2.0~rc2-0ubuntu1.1) karmic-security; urgency=low

  * SECURITY UPDATE: ACL not respected on SIP INVITE (LP: #491632).
    - debian/patches/AST-2009-007: Additional check in
      channels/chan_sip.c to check ACL for handling SIP INVITEs. This
      blocks calls on networks intended to be prohibited, by
      configuration. Based on upstream patch.
    - AST-2009-007
    - CVE-2009-3723
  * SECURITY UPDATE: SIP responses expose valid usernames (LP: #491637).
    - debian/patches/AST-2009-008: Sanitise certain return of REGISTER
      message to stop a specially crafted series of requests returning
      valid usernames. Based on upstream patch.
    - AST-2009-008
    - CVE-2009-3727
  * SECURITY UPDATE: RTP Remote Crash Vulnerability (LP: #493555).
    - debian/patches/AST-2009-010: Stops Asterisk from crashing when an
      RTP comfort noise payload containing 24 bytes or greater is
      received.
    - AST-2009-010
    - CVE-2009-4055
 -- Dave Walker (Daviey) <davewal...@ubuntu.com>  Mon, 07 Dec 2009 12:23:36 +0000

** Changed in: asterisk (Ubuntu Karmic)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3727

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-4055

-- 
ACL not respected on SIP INVITE
https://bugs.launchpad.net/bugs/491632