[Bug 345217] Re: Fix vulnerabilities in channels/chan_ia2x.c
Jamie Strandboge
jamie at ubuntu.com
Mon Sep 28 16:27:37 UTC 2009
asterisk (1:1.4.17~dfsg-2ubuntu1.1) hardy-security; urgency=low

  * SECURITY UPDATE: ACK response spoofing
    - added debian/patches/CVE-2008-1897: Adjust chan_iax2.c to use a special
      id to prevent ACK response spoofing. Based on upstream patch.
    - CVE-2008-1897
    - AST-2008-006
  * SECURITY UPDATE: POKE request flooding
    - added debian/patches/CVE-2008-3263: Adjust chan_iax2.c to prevent
      'POKE' request flooding. Based on upstream patch.
    - CVE-2008-3263
    - AST-2008-010
  * SECURITY UPDATE: firmware packet flooding
    - added debian/patches/CVE-2008-3264: Adjust chan_iax2.c to prevent
      firmware packet flooding. Based on upstream patch.
    - CVE-2008-3264
    - AST-2008-011
  * SECURITY UPDATE: information leak in IAX2 authentication
    - added debian/patches/CVE-2009-0041: Adjust chan_iax2.c to fix
      information leak in IAX2 authentication. Based on upstream patch.
    - CVE-2009-0041
    - AST-2009-001
  * SECURITY UPDATE: SIP responses expose valid usernames
    - added debian/patches/CVE-2008-3903: Adjust chan_sip.c to make
      it more difficult to scan for available usernames.
    - CVE-2008-3903
    - AST-2009-003
  * SECURITY UPDATE: An attacker could hijack a manager session
    - added debian/patches/CVE-2008-1390: Adjust manager.c to
      never assign an invalid id of 0
    - CVE-2008-1390
    - AST-2008-005

** Changed in: asterisk (Ubuntu Hardy)
       Status: Fix Committed => Fix Released

--
Fix vulnerabilities in channels/chan_ia2x.c
https://bugs.launchpad.net/bugs/345217