Debian Asterisk DSA-5596-1 critical: DoS and memory corruption attacks

Multiple security vulnerabilities have been discovered in Asterisk, an Open
Source Private Branch Exchange.

CVE-2023-37457

The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
the available buffer space for storing the new value of a header. By doing
so this can overwrite memory or cause a crash. This is not externally
exploitable, unless dialplan is explicitly written to update a header based
on data from an outside source. If the 'update' functionality is not used
the vulnerability does not occur.

CVE-2023-38703

PJSIP is a free and open source multimedia communication library written in
C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
higher level media transport which is stacked upon a lower level media
transport such as UDP and ICE. Currently a higher level transport is not
synchronized with its lower level transport that may introduce a
use-after-free issue. This vulnerability affects applications...