
Debian 11 bullseye DLA-3925-1 critical: asterisk privilege escalation

debian lts
October 20, 2024

Summary

Two issues have been found in asterisk, an Open Source Private Branch
Exchange.

CVE-2024-42365

A privilege escalation makes remote code execution and/or blind
server-side request forgery with an arbitrary protocol possible.

CVE-2024-42491

Because of bad handling of a malformed Contact or Record-Route URI in an
incoming SIP request, Asterisk might crash when res_resolver_unbound
is used.

Thanks to Niels Galjaard, a minor privilege escalation has been fixed.
More information about this can be found at:
https://alioth-lists.debian.net/pipermail/pkg-voip-maintainers/2024-July/038664.html


For Debian 11 bullseye, these problems have been fixed in version
1:16.28.0~dfsg-0+deb11u5.

We recommend that you upgrade your asterisk packages.

For the detailed security status of asterisk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/asterisk

Further information about Debian LTS security advisories, how to apply



Severity: critical

Package: asterisk
Version: 1:16.28.0~dfsg-0+deb11u5
CVE ID: CVE-2024-42365 CVE-2024-42491
