| Description: | Summary:
The remote host is missing an update for the Debian 'asterisk' package(s) announced via the DSA-1358-1 advisory.
Vulnerability Insight:
Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2007-1306
Mu Security discovered that a NULL pointer dereference in the SIP implementation could lead to denial of service.
CVE-2007-1561
Inria Lorraine discovered that a programming error in the SIP implementation could lead to denial of service.
CVE-2007-2294
It was discovered that a NULL pointer dereference in the manager interface could lead to denial of service.
CVE-2007-2297
It was discovered that a programming error in the SIP implementation could lead to denial of service.
CVE-2007-2488
Tim Panton and Birgit Arkestein discovered that a programming error in the IAX2 implementation could lead to information disclosure.
CVE-2007-3762
Russell Bryant discovered that a buffer overflow in the IAX implementation could lead to the execution of arbitrary code.
CVE-2007-3763
Chris Clark and Zane Lackey discovered that several NULL pointer dereferences in the IAX2 implementation could lead to denial of service.
CVE-2007-3764
Will Drewry discovered that a programming error in the Skinny implementation could lead to denial of service.
For the oldstable distribution (sarge) these problems have been fixed in version 1.0.7.dfsg.1-2sarge5.
For the stable distribution (etch) these problems have been fixed in version 1:1.2.13~
dfsg-2etch1.
For the unstable distribution (sid) these problems have been fixed in version 1:1.4.11~
dfsg-1.
We recommend that you upgrade your Asterisk packages.
Affected Software/OS:
'asterisk' package(s) on Debian 3.1, Debian 4.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
