-------------------------------------------------------------------------
Debian LTS Advisory DLA-3696-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
December 28, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : asterisk
Version        : 1:16.28.0~dfsg-0+deb10u4
CVE ID         : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786
Debian Bug     : 1059303 1059032 1059033

Multiple security vulnerabilities have been discovered in Asterisk, an Open
Source Private Branch Exchange.

CVE-2023-37457

    The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
    the available buffer space for storing the new value of a header. By doing
    so this can overwrite memory or cause a crash. This is not externally
    exploitable, unless dialplan is explicitly written to update a header based
    on data from an outside source. If the 'update' functionality is not used
    the vulnerability does not occur.

CVE-2023-38703

    PJSIP is a free and open source multimedia communication library written in
    C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
    higher level media transport which is stacked upon a lower level media
    transport such as UDP and ICE. Currently a higher level transport is not
    synchronized with its lower level transport that may introduce a
    use-after-free issue. This vulnerability affects applications that have
    SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
    transport other than UDP. This vulnerability’s impact may range from
    unexpected application termination to control flow hijack/memory
    corruption.

CVE-2023-49294

    It is possible to read any arbitrary file even when the `live_dangerously`
    option is not enabled.

CVE-2023-49786

   Asterisk is susceptible to a DoS due to a race condition in the hello
   handshake phase of the DTLS protocol when handling DTLS-SRTP for media
   setup. This attack can be done continuously, thus denying new DTLS-SRTP
   encrypted calls during the attack. Abuse of this vulnerability may lead to
   a massive Denial of Service on vulnerable Asterisk servers for calls that
   rely on DTLS-SRTP.

For Debian 10 buster, these problems have been fixed in version
1:16.28.0~dfsg-0+deb10u4.

We recommend that you upgrade your asterisk packages.

For the detailed security status of asterisk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/asterisk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-3696-1: asterisk security update

December 28, 2023
Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange

Summary


Multiple security vulnerabilities have been discovered in Asterisk, an Open
Source Private Branch Exchange.

CVE-2023-37457

The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
the available buffer space for storing the new value of a header. By doing
so this can overwrite memory or cause a crash. This is not externally
exploitable, unless dialplan is explicitly written to update a header based
on data from an outside source. If the 'update' functionality is not used
the vulnerability does not occur.

CVE-2023-38703

PJSIP is a free and open source multimedia communication library written in
C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
higher level media transport which is stacked upon a lower level media
transport such as UDP and ICE. Currently a higher level transport is not
synchronized with its lower level transport that may introduce a
use-after-free issue. This vulnerability affects applications that have
SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
transport other than UDP. This vulnerability’s impact may range from
unexpected application termination to control flow hijack/memory
corruption.

CVE-2023-49294

It is possible to read any arbitrary file even when the `live_dangerously`
option is not enabled.

CVE-2023-49786

Asterisk is susceptible to a DoS due to a race condition in the hello
handshake phase of the DTLS protocol when handling DTLS-SRTP for media
setup. This attack can be done continuously, thus denying new DTLS-SRTP
encrypted calls during the attack. Abuse of this vulnerability may lead to
a massive Denial of Service on vulnerable Asterisk servers for calls that
rely on DTLS-SRTP.

For Debian 10 buster, these problems have been fixed in version
1:16.28.0~dfsg-0+deb10u4.

We recommend that you upgrade your asterisk packages.

For the detailed security status of asterisk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/asterisk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
Package : asterisk
Version : 1:16.28.0~dfsg-0+deb10u4
CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786
Debian Bug : 1059303 1059032 1059033

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo