Format: 1.8
Date: Tue, 12 Jul 2011 15:49:26 -0400
Source: asterisk
Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg asterisk-sounds-main asterisk-config
Architecture: amd64
Version: 1:1.6.2.5-0ubuntu1.4
Distribution: lucid
Urgency: low
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Marc Deslauriers
Description:
 asterisk - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-h323 - H.323 protocol support for Asterisk
 asterisk-sounds-main - Core Sound files for Asterisk (English)
Changes:
 asterisk (1:1.6.2.5-0ubuntu1.4) lucid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service and possible code execution via
     crafted UDPTL packet
     - debian/patches/AST-2011-002-1.6.2.diff: properly calculate lengths
       in main/udptl.c.
     - CVE-2011-1147
   * SECURITY UPDATE: denial of service via manager session with invalid
     data
     - debian/patches/AST-2011-003-1.6.2.diff: check for errors in
       main/manager.c.
     - CVE-2011-1174
   * SECURITY UPDATE: denial of service via many short TLS sessions
     - debian/patches/AST-2011-004-1.6.2.diff: gracefully handle failures
       in main/tcptls.c.
     - CVE-2011-1175
   * SECURITY UPDATE: denial of service via a series of TCP connections
     - debian/patches/AST-2011-005-1.6.2.diff: add timeouts and session
       limits to main/manager.c, configs/manager.conf.sample,
       channels/chan_sip.c, channels/chan_skinny.c, main/http.c,
       configs/{skinny,sip,http}.conf.sample.
     - CVE-2011-1507
   * SECURITY UPDATE: remote command execution via incomplete system
     privilege check
     - debian/patches/AST-2011-006-1.6.2.diff: correctly check privileges
       in main/manager.c.
     - CVE-2011-1599
   * SECURITY UPDATE: denial of service via crafted packet and SIP channel
     driver
     - debian/patches/AST-2011-008.diff: set proper length in
       channels/chan_sip.c.
     - CVE-2011-2529
   * SECURITY UPDATE: denial of service and possible code execution via
     IAX2 channel driver crafted frame
     - debian/patches/AST-2011-010-1.6.2.diff: validate options in
       channels/chan_iax2.c, main/features.c.
     - CVE-2011-2535
   * SECURITY UPDATE: account name enumeration
     - debian/patches/AST-2011-011-1.6.2.diff: adjust responses in
       channels/chan_sip.c.
     - CVE-2011-2536
Checksums-Sha1:
 7deea3c8380dd86be0a53d4ac7fc1c1365bdbcff 3774924 asterisk_1.6.2.5-0ubuntu1.4_amd64.deb
 3d6a4e0a6669154c14865124912ece0a9a610478 487844 asterisk-h323_1.6.2.5-0ubuntu1.4_amd64.deb
 c4f2000ab7aa3033284adbab21ff927dbf1ec8fb 21394242 asterisk-dbg_1.6.2.5-0ubuntu1.4_amd64.deb
Checksums-Sha256:
 1252acc574ebc681a4223d90bdd3465b711b13b1ec91acb613934de9b3f47eef 3774924 asterisk_1.6.2.5-0ubuntu1.4_amd64.deb
 a2cf8d2a85406408aa9168b33abd0bfb4dce12ac2e0af88409c3ba654a71794c 487844 asterisk-h323_1.6.2.5-0ubuntu1.4_amd64.deb
 dc202c25fbf7d12daac0571b1045387c4643d74ba3f316731a95c230ae39d8ec 21394242 asterisk-dbg_1.6.2.5-0ubuntu1.4_amd64.deb
Files:
 91eeda4aac47a8a02e79ade3a64bb36b 3774924 comm optional asterisk_1.6.2.5-0ubuntu1.4_amd64.deb
 4f17842293cd22e54ee68553528d5379 487844 comm optional asterisk-h323_1.6.2.5-0ubuntu1.4_amd64.deb
 30a06fb1f1bea94c74858152213d779c 21394242 debug extra asterisk-dbg_1.6.2.5-0ubuntu1.4_amd64.deb
Original-Maintainer: Debian VoIP Team