Debian Wheezy DSA-2835-1 Critical: Asterisk Buffer Overflow
debian
January 5, 2014
Jan Juergens discovered a buffer overflow in the parser for SMS messages in Asterisk
Topics Covered
Summary
Jan Juergens discovered a buffer overflow in the parser for SMS messages
in Asterisk.
An additional change was backported, which is fully described in
http://downloads.asterisk.org/pub/security/AST-2013-007.html
With the fix for AST-2013-007, a new configuration option was added in
order to allow the system adminitrator to disable the expansion of
"dangerous" functions (such as SHELL()) from any interface which is not
the dialplan. In stable and oldstable this option is disabled by default.
To enable it add the following line to the section '[options]' in
/etc/asterisk/asterisk.conf (and restart asterisk)
live_dangerously = no
For the oldstable distribution (squeeze), this problem has been fixed in
version 1:1.6.2.9-2+squeeze12.
For the stable distribution (wheezy), this problem has been fixed in
version 1:1.8.13.1~dfsg1-3+deb7u3.
For the testing distribution (jessie), this problem has been fixed in
version 1:11.7.0~dfsg-1.
For the unstable distribution (sid), this problem has been fixed in
ver...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: asterisk
CVE ID: CVE-2013-7100
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!