Debian: New Asterisk packages fix arbitrary code execution

    Date: 06 Dec 2006
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Adam Boileau discovered an integer overflow in the Skinny channel driver in Asterisk, an Open Source Private Branch Exchange or telephone system, as used by Cisco SCCP phones, which allows remote attackers to execute arbitrary code.
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 1229-1
    http://www.debian.org/security/                             Martin Schulze
    December 6th, 2006                      http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : asterisk
    Vulnerability  : integer overflow
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2006-5444
    CERT advisory  : VU#521252
    BugTraq ID     : 20617
    
    Adam Boileau discovered an integer overflow in the Skinny channel
    driver in Asterisk, an Open Source Private Branch Exchange or
    telephone system, as used by Cisco SCCP phones, which allows remote
    attackers to execute arbitrary code.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 1.0.7.dfsg.1-2sarge4.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 1.2.13~dfsg-1.
    
    We recommend that you upgrade your asterisk packages.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given at the end of this advisory:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    --------------------------------
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main