Parent Directory | Revision Log
Adding security advisory for asterisk mga#11094
1 | type: security |
2 | subject: Updated asterisk package fixes security vulnerabilities |
3 | CVE: |
4 | - CVE-2013-5641 |
5 | - CVE-2013-5642 |
6 | src: |
7 | 3: |
8 | core: |
9 | - asterisk-11.5.1-1.mga3 |
10 | description: | |
11 | A remotely exploitable crash vulnerability exists in the SIP channel |
12 | driver if an ACK with SDP is received after the channel has been |
13 | terminated. The handling code incorrectly assumes that the channel |
14 | will always be present (CVE-2013-5641). |
15 | |
16 | A remotely exploitable crash vulnerability exists in the SIP channel |
17 | driver if an invalid SDP is sent in a SIP request that defines media |
18 | descriptions before connection information. The handling code |
19 | incorrectly attempts to reference the socket address information even |
20 | though that information has not yet been set (CVE-2013-5642). |
21 | references: |
22 | - https://bugs.mageia.org/show_bug.cgi?id=11094 |
23 | - http://downloads.asterisk.org/pub/security/AST-2013-004.html |
24 | - http://downloads.asterisk.org/pub/security/AST-2013-005.html |
ViewVC Help | |
Powered by ViewVC 1.1.30 |