Ubuntu
asterisk package

Please update Asterisk from Debian Sid

Bug #996162 reported by Alexey on 2012-05-07

262

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	asterisk (Debian)	Fix Released	Unknown	debbugs #670180
	asterisk (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

In Asterisk 1.8.11.1~dfsg-1 (http://packages.debian.org/sid/asterisk ) fix three security vulnerability CVE-2012-2414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2414 (http://downloads.asterisk.org/pub/security/AST-2012-004.html ) CVE-2012-2415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2415 (http://downloads.asterisk.org/pub/security/AST-2012-005.html ) CVE-2012-2416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2416 (http://downloads.asterisk.org/pub/security/AST-2012-006.html )

See original description

Tags:

CVE References

Alexey (alexey.u.m) on 2012-05-08

description:

updated

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2012-05-14:

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

visibility:	private → public
Changed in asterisk (Ubuntu):
status:	New → Confirmed

Revision history for this message

Karma Dorje (taaroa) wrote on 2012-10-21:

asterisk (1:1.8.11.1~dfsg-1) unstable; urgency=high
.
   * New upstream release, Closes: #670180:
     - AST-2012-004 - further Manager permission fixes (CVE-2012-2414).
     - AST-2012-005 - Heap overflow in chan_skinny (CVE-2012-2415).
     - AST-2012-006 - Remote crash on SIP "UPDATE" method (CVE-2012-2416).
   * Fix daemon status check in init.d script (Closes: #669378).
   * Patch menuselect_cflags: allow passing our flags to menuselect's build.
     - Use it t opass our CFLAGS to menuselect (Closes: #664086).

tags:

added: upgrade-software-version

Bug Watch Updater (bug-watch-updater) on 2012-10-23

Changed in asterisk (Debian):
status:	Unknown → Fix Released

Revision history for this message

Logan Rosen (logan) wrote on 2012-11-19:

asterisk 1:1.8.13.1~dfsg-1ubuntu2 is available in both Quantal and Raring.

Changed in asterisk (Ubuntu):
status:	Confirmed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

debbugs #670180
[done grave security] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntuasterisk package

Please update Asterisk from Debian Sid

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
asterisk package