Comment 1 for bug 491637

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package asterisk - 1:1.6.2.0~rc2-0ubuntu1.1

---------------
asterisk (1:1.6.2.0~rc2-0ubuntu1.1) karmic-security; urgency=low

  * SECURITY UPDATE: ACL not respected on SIP INVITE (LP: #491632).
    - debian/patches/AST-2009-007: Additional check in channels/chan_sip.c to
      check ACL for handling SIP INVITEs. This blocks calls on networks
      intended to be prohibited, by configuration. Based on upstream patch.
    - AST-2009-007
    - CVE-2009-3723
  * SECURITY UPDATE: SIP responses expose valid usernames (LP: #491637).
    - debian/patches/AST-2009-008: Sanitise certain return of REGISTER message
      to stop a specially crafted series of requests returning valid usernames.
      Based on upstream patch.
    - AST-2009-008
    - CVE-2009-3727
  * SECURITY UPDATE: RTP Remote Crash Vulnerability (LP: #493555).
    - debian/patches/AST-2009-010: Stops Asterisk from crashing when an RTP
      comfort noise payload containing 24 bytes or greater is received.
    - AST-2009-010
    - CVE-2009-4055
 -- Dave Walker (Daviey) <email address hidden> Mon, 07 Dec 2009 12:23:36 +0000