Linux Security

    Debian: Asterisk fix arbitrary code execution DSA-1048-1

    Date 30 Apr 2006
    Posted By LinuxSecurity Advisories
    Updated package.

    --------------------------------------------------------------------------
    Debian Security Advisory DSA 1048-1
    https://www.debian.org/security/                             Martin Schulze
    May 1st, 2006                           https://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : asterisk
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE IDs        : CVE-2005-3559 CVE-2006-1827
    BugTraq ID     : 15336
    Debian Bug     : 338116
    
    Several problems have been discovered in Asterisk, an Open Source
    Private Branch Exchange (telephone control center).  The Common
    Vulnerabilities and Exposures project identifies the following
    problems:
    
    CVE-2005-3559
    
        Adam Pointon discovered that due to missing input sanitising it is
        possible to retrieve recorded phone messages for a different
        extension.
    
    CVE-2006-1827
    
        Emmanouel Kellinis discovered an integer signedness error that
        could trigger a buffer overflow and hence allow the execution of
        arbitrary code.
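
The advisory gives no code for CVE-2006-1827. The C sketch below is an added illustration of the general bug class (a signed length that passes an upper-bound check and is then used as an unsigned copy size), shown beside a hardened check; it is not Asterisk's code, and `BUF_SIZE`, `flawed_check`, `hardened_check` and `copy_record` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64   /* hypothetical destination buffer size */

/* accepted flag, plus the byte count memcpy() would receive as size_t */
struct check { int accepted; size_t copy_size; };

/* Flawed: signed compare, upper bound only, so a negative len is accepted. */
struct check flawed_check(int len)
{
    struct check r = { 0, 0 };
    if (len > BUF_SIZE)
        return r;
    r.accepted = 1;
    r.copy_size = (size_t)len;   /* -1 becomes the largest size_t value */
    return r;
}

/* Hardened: reject negative values before any conversion to size_t. */
struct check hardened_check(int len)
{
    struct check r = { 0, 0 };
    if (len < 0 || len > BUF_SIZE)
        return r;
    r.accepted = 1;
    r.copy_size = (size_t)len;
    return r;
}

/* Copy into dst (room for BUF_SIZE bytes) using the hardened check; returns
 * 0 on success, -1 if the length is rejected or exceeds the bytes in src. */
int copy_record(unsigned char *dst, const unsigned char *src,
                size_t src_size, int declared_len)
{
    struct check c = hardened_check(declared_len);
    if (!c.accepted || c.copy_size > src_size)
        return -1;
    memcpy(dst, src, c.copy_size);
    return 0;
}

int main(void)
{
    struct check f = flawed_check(-1);
    printf("flawed check, len=-1: accepted=%d copy_size=%zu\n", f.accepted, f.copy_size);
    printf("hardened check, len=-1: accepted=%d\n", hardened_check(-1).accepted);
    return 0;
}
```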
    
    For the old stable distribution (woody) this problem has been fixed in
    version 0.1.11-3woody1.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 1.0.7.dfsg.1-2sarge2.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 1.2.7.1.dfsg-1.
    
    We recommend that you upgrade your asterisk package.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
    
    Debian GNU/Linux 3.1 alias sarge
    --------------------------------
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main