Ubuntu
asterisk package

asterisk 1:1.6.2.9-2ubuntu2.1 source package in Ubuntu

Changelog

asterisk (1:1.6.2.9-2ubuntu2.1) natty-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code exection via
    crafted UDPTL packet
    - debian/patches/AST-2011-002-1.6.2.diff: properly calculate lengths in
      main/udptl.c.
    - CVE-2011-1147
  * SECURITY UPDATE: denial of service via manager session with invalid
    data
    - debian/patches/AST-2011-003-1.6.2.diff: check for errors in
      main/manager.c.
    - CVE-2011-1174
  * SECURITY UPDATE: denial of service via many short TLS sessions
    - debian/patches/AST-2011-004-1.6.2.diff: gracefully handle failures
      in main/tcptls.c.
    - CVE-2011-1175
  * SECURITY UPDATE: denial of service via a series of TCP connections
    - debian/patches/AST-2011-005-1.6.2.diff: add timeouts and session
      limits to main/manager.c, configs/manager.conf.sample,
      channels/chan_sip.c, channels/chan_skinny.c, main/http.c,
      configs/{skinny,sip,http}.conf.sample.
    - CVE-2011-1507
  * SECURITY UPDATE: remote command execution via incomplete system
    privilege check
    - debian/patches/AST-2011-006-1.6.2.diff: correctly check privileges in
      main/manager.c.
    - CVE-2011-1599
  * SECURITY UPDATE: denial of service via crafted packet and SIP channel
    driver
    - debian/patches/AST-2011-008.diff: set proper length in
      channels/chan_sip.c.
    - CVE-2011-2529
  * SECURITY UPDATE: denial of service and possible code execution via
    IAX2 channel driver crafted frame
    - debian/patches/AST-2011-010-1.6.2.diff: validate options in
      channels/chan_iax2.c, main/features.c.
    - CVE-2011-2535
  * SECURITY UPDATE: account name enumeration
    - debian/patches/AST-2011-011-1.6.2.diff: adjust responses in
      channels/chan_sip.c.
    - CVE-2011-2536
 -- Marc Deslauriers <email address hidden>   Tue, 12 Jul 2011 14:38:08 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Natty
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
comm
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
asterisk_1.6.2.9.orig.tar.gz 22.5 MiB 109a8f29bd08844d9310435fb944908e6ada60e36917f2a3ed800c266a08bc1c
asterisk_1.6.2.9-2ubuntu2.1.debian.tar.gz 84.5 KiB 06b0acf230b28f784ce966ff72a419e46496b3d1195a1e266fa1e9b51ad908ae
asterisk_1.6.2.9-2ubuntu2.1.dsc 2.7 KiB a8162bdf809ee7f93b64e6074390a5bff350047c1835a86fda3e99eb0da9d566

View changes file

Binary packages built by this source

asterisk: No summary available for asterisk in ubuntu natty.

No description available for asterisk in ubuntu natty.

asterisk-config: No summary available for asterisk-config in ubuntu natty.

No description available for asterisk-config in ubuntu natty.

asterisk-dbg: No summary available for asterisk-dbg in ubuntu natty.

No description available for asterisk-dbg in ubuntu natty.

asterisk-dev: No summary available for asterisk-dev in ubuntu natty.

No description available for asterisk-dev in ubuntu natty.

asterisk-doc: No summary available for asterisk-doc in ubuntu natty.

No description available for asterisk-doc in ubuntu natty.

asterisk-h323: No summary available for asterisk-h323 in ubuntu natty.

No description available for asterisk-h323 in ubuntu natty.

asterisk-sounds-main: No summary available for asterisk-sounds-main in ubuntu natty.

No description available for asterisk-sounds-main in ubuntu natty.