Test ID: | 1.3.6.1.4.1.25623.1.0.69694 |
Category: | Fedora Local Security Checks |
Title: | Fedora Core 14 FEDORA-2011-6225 (asterisk) |
Summary: | NOSUMMARY |
Description: |
The remote host is missing an update to asterisk announced via advisory FEDORA-2011-6225.

Update Information:

The Asterisk Development Team has announced the release of Asterisk 1.6.2.18. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/

The release of Asterisk 1.6.2.18 resolves several issues reported by the community and would have not been possible without your participation. Thank you!

The following is a sample of the issues resolved in this release:

* Only offer codecs both sides support for directmedia. (Closes issue #17403. Reported, patched by one47)
* Resolution of several DTMF based attended transfer issues. (Closes issue #17999, #17096, #18395, #17273. Reported by iskatel, gelo, shihchuan, grecco. Patched by rmudgett) NOTE: Be sure to read the ChangeLog for more information about these changes.
* Resolve deadlocks related to device states in chan_sip (Closes issue #18310. Reported, patched by one47. Patched by jpeeler)
* Fix channel redirect out of MeetMe() and other issues with channel softhangup (Closes issue #18585. Reported by oej. Tested by oej, wedhorn, russellb. Patched by russellb)
* Fix voicemail sequencing for file based storage. (Closes issue #18498, #18486. Reported by JJCinAZ, bluefox. Patched by jpeeler)
* Guard against retransmitting BYEs indefinitely during attended transfers with chan_sip. (Review: https://reviewboard.asterisk.org/r/1077/)

In addition to the changes listed above, commits to resolve security issues AST-2011-005 and AST-2011-006 have been merged into this release. More information about AST-2011-005 and AST-2011-006 can be found at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.18

branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two issues:

* File Descriptor Resource Exhaustion (AST-2011-005)
* Asterisk Manager User Shell Access (AST-2011-006)

The issues and resolutions are described in the AST-2011-005 and AST-2011-006 security advisories. For more information about the details of these vulnerabilities, please read the security advisories AST-2011-005 and AST-2011-006, which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.40.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.25
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.3
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.3

Security advisory AST-2011-005 and AST-2011-006 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf

References:

[ 1 ] Bug #698916 - CVE-2011-1507 Asterisk: file descriptor resource exhaustion (AST-2011-005) https://bugzilla.redhat.com/show_bug.cgi?id=698916
[ 2 ] Bug #698917 - CVE-2011-1599 Asterisk: Shell command execution via manager Originate action (AST-2011-006) https://bugzilla.redhat.com/show_bug.cgi?id=698917

Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update asterisk' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2011-6225

Risk factor: Critical
CVSS Score: 9.0 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-1507
* Debian Security Information: DSA-2225 http://www.debian.org/security/2011/dsa-2225
* http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html
* http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html
* http://securitytracker.com/id?1025432
* http://secunia.com/advisories/44197
* http://secunia.com/advisories/44529
* http://www.vupen.com/english/advisories/2011/1086
* http://www.vupen.com/english/advisories/2011/1107
* http://www.vupen.com/english/advisories/2011/1188

Common Vulnerability Exposure (CVE) ID: CVE-2011-1599
* 1025433 http://securitytracker.com/id?1025433
* 44197
* 44529
* 47537 http://www.securityfocus.com/bid/47537
* ADV-2011-1086
* ADV-2011-1107
* ADV-2011-1188
* DSA-2225
* FEDORA-2011-5835
* FEDORA-2011-6208
* [oss-security] 20110422 Re: CVE Request -- Asterisk Security Vulnerability http://openwall.com/lists/oss-security/2011/04/22/6
* http://downloads.digium.com/pub/security/AST-2011-006.html |
Copyright | Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com |