Package: asterisk
Version: 1:1.6.2.9-2+squeeze2
Justification: AST-2011-003: Resource exhaustion in Asterisk Manager Interface
Severity: serious
Tags: security patch upstream

Rapidly opening manager connections, sending invalid data, and closing the connection can cause Asterisk to exhaust available CPU and memory resources.

The manager interface is disabled by default in upstream, but enabled by default (listening on localhost only) in the version in Debian 5.0 (Lenny) and 6.0 (Squeeze).

See also http://downloads.asterisk.org/pub/security/AST-2011-003.html

Patches are available in SVN (branches 'squeeze' and 'lenny-security').

-- 
Tzafrir Cohen         | tzaf...@jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzaf...@cohens.org.il |                    | best
tzaf...@debian.org    |                    | friend
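
Added example (not part of the original report, nor Debian's or Asterisk's own code): a Python check of a manager.conf `[general]` section that reports whether the manager interface is off, bound to loopback only as in the Debian default described above, or listening on other addresses. The sample config is constructed, the function names are hypothetical, and treating a missing `bindaddr` as 0.0.0.0 is an assumption.

```python
import ipaddress

# Constructed sample in the style of /etc/asterisk/manager.conf (not from the report).
SAMPLE_CONF = """\
[general]
enabled = yes          ; AMI switched on
port = 5038
bindaddr = 127.0.0.1   ; loopback only

[admin]
secret = example-only
"""

# Spellings Asterisk accepts as boolean true.
TRUE_VALUES = {"yes", "true", "y", "t", "1", "on"}

def parse_general(text):
    """Collect key/value pairs from the [general] section only."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if not line:
            continue
        if line.startswith("["):
            section = line[1:].split("]", 1)[0].strip().lower()
            continue
        if section == "general" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.lstrip(">").strip()
    return settings

def ami_exposure(text):
    """Return 'disabled', 'local-only', 'exposed' or 'unknown'."""
    general = parse_general(text)
    if general.get("enabled", "no").lower() not in TRUE_VALUES:
        return "disabled"
    # Assumption: with no bindaddr the listener binds every interface.
    bindaddr = general.get("bindaddr", "0.0.0.0")
    try:
        loopback = ipaddress.ip_address(bindaddr).is_loopback
    except ValueError:
        return "unknown"                         # hostname or malformed value
    return "local-only" if loopback else "exposed"

if __name__ == "__main__":
    print(ami_exposure(SAMPLE_CONF))
```

A "local-only" result still means every local user and process on the host can open manager connections, so the patched package is needed there as well.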