Package: asterisk Version: 1:1.2.13~dfsg-2etch3 Severity: grave Tags: pending security etch
There is a possibility to remotely crash an Asterisk server if the server is configured to use realtime IAX2 users. The issue occurs if either an unknown user attempts to authenticate or if a user that uses hostname matching attempts to authenticate. http://downloads.digium.com/pub/asa/AST-2008-012.html The advisory mentions that the issue is for versions 1.2.26 - 1.2.30.3 , however it was introduced in a previous bugfix that has already been included in Debian, specifically in AST-2007-027.dpatch that was added in 1:1.2.13~dfsg-2etch3 . I included this patch in http://svn.debian.org/viewsvn/pkg-voip?rev=6581&view=rev -- Tzafrir Cohen icq#16849755 jabber:tzafrir.co...@xorcom.com +972-50-7952406 mailto:tzafrir.co...@xorcom.com http://www.xorcom.com iax:gu...@local.xorcom.com/tzafrir -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
