* SECURITY UPDATE: ACK response spoofing
- added debian/patches/CVE-2008-1897: Adjust chan_iax2.c to use a special
id to prevent ACK response spoofing. Based on upstream patch.
- CVE-2008-1897
- AST-2008-006
* SECURITY UPDATE: POKE request flooding
- added debian/patches/CVE-2008-3263: Adjust chan_iax2.c to prevent
'POKE' request flooding. Based on upstream patch.
- CVE-2008-3263
- AST-2008-010
* SECURITY UPDATE: firmware packet flooding
- added debian/patches/CVE-2008-3264: Adjust chan_iax2.c to prevent
firmware packet flooding. Based on upstream patch.
- CVE-2008-3264
- AST-2008-011
* SECURITY UPDATE: information leak in IAX2 authentication
- added debian/patches/CVE-2009-0041: Adjust chan_iax2.c to fix
information leak in IAX2 authentication. Based on upstream patch.
- CVE-2009-0041
- AST-2009-001
* SECURITY UPDATE: SIP responses expose valid usernames
- added debian/patches/CVE-2008-3903: Adjust chan_sip.c to make
it more difficult to scan for available usernames.
- CVE-2008-3903
- AST-2009-003
* SECURITY UPDATE: An attacker could hijack a manager session
- added debian/patches/CVE-2008-1390: Adjust manager.c to
never assign an invalid id of 0
- CVE-2008-1390
- AST-2008-005
asterisk (1:1.4. 17~dfsg- 2ubuntu1. 1) hardy-security; urgency=low
* SECURITY UPDATE: ACK response spoofing patches/ CVE-2008- 1897: Adjust chan_iax2.c to use a special patches/ CVE-2008- 3263: Adjust chan_iax2.c to prevent patches/ CVE-2008- 3264: Adjust chan_iax2.c to prevent patches/ CVE-2009- 0041: Adjust chan_iax2.c to fix patches/ CVE-2008- 3903: Adjust chan_sip.c to make patches/ CVE-2008- 1390: Adjust manager.c to
- added debian/
id to prevent ACK response spoofing. Based on upstream patch.
- CVE-2008-1897
- AST-2008-006
* SECURITY UPDATE: POKE request flooding
- added debian/
'POKE' request flooding. Based on upstream patch.
- CVE-2008-3263
- AST-2008-010
* SECURITY UPDATE: firmware packet flooding
- added debian/
firmware packet flooding. Based on upstream patch.
- CVE-2008-3264
- AST-2008-011
* SECURITY UPDATE: information leak in IAX2 authentication
- added debian/
information leak in IAX2 authentication. Based on upstream patch.
- CVE-2009-0041
- AST-2009-001
* SECURITY UPDATE: SIP responses expose valid usernames
- added debian/
it more difficult to scan for available usernames.
- CVE-2008-3903
- AST-2009-003
* SECURITY UPDATE: An attacker could hijack a manager session
- added debian/
never assign an invalid id of 0
- CVE-2008-1390
- AST-2008-005