Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora Advisory: 2010-21324 Critical OpenSSL Security Vulnerability Alert

fedora
Calendar Grey November 16, 2009
Dist Fedora Esm H88
Fedora Security Alert regarding Asterisk concerning an ACL vulnerability on SIP INVITES due to a recent patch deployment.
* Tue Oct 27 2009 Jeffrey C

Summary

Asterisk is a complete PBX in software. It runs on Linux and provides

all of the features you would expect from a PBX and more. Asterisk

does voice over IP in three protocols, and can interoperate with

almost all standards-based telephony equipment using relatively

inexpensive hardware.

Update Information:

* Tue Oct 27 2009 Jeffrey C. Ollie - 1.6.1.8-1 - Update to 1.6.1.8 to fix bug 531199: - - http://downloads.asterisk.org/pub/security/AST-2009-007.html - - A missing ACL check for handling SIP INVITEs allows a device to make - calls on networks intended to be prohibited as defined by the "deny" - and "permit" lines in sip.conf. The ACL check for handling SIP - registrations was not affected. Other bugs were handled by previous updates, including them here so that bodhi will close them out.

Topics%20covered

Topics Covered

security advisory moderate security issue Fedora access control asterisk SIP INVITE

Change Log

* Tue Oct 27 2009 Jeffrey C. Ollie - 1.6.1.8-1 - Update to 1.6.1.8 to fix bug 531199: - - http://downloads.asterisk.org/pub/security/AST-2009-007.html - - A missing ACL check for handling SIP INVITEs allows a device to make - calls on networks intended to be prohibited as defined by the "deny" - and "permit" lines in sip.conf. The ACL check for handling SIP - registrations was not affected. * Sat Oct 24 2009 Jeffrey C. Ollie - 1.6.1.7-0.4.rc2 - Add an AST_EXTRA_ARGS option to the init script - have the init script to cd to /var/spool/asterisk to prevent annoying message * Sat Oct 24 2009 Jeffrey C. Ollie - 1.6.1.7-0.3.rc2 - Compile against gmime 2.2 instead of gmime 2.4 because the patch to convert the API calls from 2.2 to 2.4 caused crashes. * Fri Oct 9 2009 Jeffrey C. Ollie - 1.6.1.7-0.2.rc2 - Require latex2html used in static-http documents * Thu Oct 8 2009 Jeffrey C. Ollie - 1.6.1.7-0.1.rc2 - Update to 1.6.1.7-rc2 - Merge firmware subpackage back into main package - No longer need to strip tarball since it no longer contains any non-free items - Tighten up permissions/ownership of config files. - Fix up some more paths - Drop unneeded patch * Wed Sep 9 2009 Jeffrey C. Ollie - 1.6.1.6-2 - Enable building of API docs. - Depend on version 1.2 or newer of speex * Sun Sep 6 2009 Jeffrey C. Ollie - 1.6.1.6-1 - Update to 1.6.1.6 - Drop patches that are too troublesome to maintain anymore or have been integrated upstream. * Tue Sep 1 2009 Jeffrey C. Ollie - 1.6.1-0.26.rc1 - Add a patch from Quentin Armitage and rebuld. * Fri Aug 21 2009 Tomas Mraz - 1.6.1-0.25.rc1 - rebuilt with new openssl * Fri Jul 24 2009 Fedora Release Engineering - 1.6.1-0.24.rc1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

References


[ 1 ] Bug #531199 - asterisk: ACL not respected on SIP INVITE (AST-2009-007) https://bugzilla.redhat.com/show_bug.cgi?id=531199

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update asterisk' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: asterisk
Product: Fedora 11
Version: 1.6.1.8
Release: 1.fc11
URL: https://www.asterisk.org/
Summary: The Open Source PBX

Topics%20covered

Topics Covered

security advisory moderate security issue Fedora access control asterisk SIP INVITE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here