|
|
Subscribe / Log in / New account

Debian alert DLA-4042-1 (asterisk)



From:
              Daniel Leidert <dleidert@debian.org>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 4042-1] asterisk security update


Date:
              Thu, 06 Feb 2025 01:10:13 +0100


Message-ID:
              <16204828d17b4371226aef2214fdba079e1c8122.camel@debian.org>


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4042-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                       Daniel Leidert
February 06, 2025                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : asterisk
Version        : 1:16.28.0~dfsg-0+deb11u6
CVE ID         : CVE-2024-53566
Debian Bug     : 

An issue has been found in asterisk, an Open Source Private Branch
Exchange.

CVE-2024-53566

   It is possible to access files outside the configuration directory
   via AMI and path traversal even when live_dangerously is not
   enabled.

For Debian 11 bullseye, this problem has been fixed in version
1:16.28.0~dfsg-0+deb11u6.

We recommend that you upgrade your asterisk packages.

For the detailed security status of asterisk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/asterisk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS






Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmej/eUACgkQS80FZ8KW
0F1ROw/7BIMrJSeP/UCEdSD1JawIlSTQJVb1qVJKc4kvInWW/eljYNjPG0y5xAzE
wexBrCzs5e80bi8Qv3PqYzYWwC3Qs0Glr0C5RY6+NpoGvYBurDFsNj1x16VxP+vG
/u8GovHvXbGvUu7/U++9kUDfRmRsxMFZQQgPUvO6prNpU8R1MCgW/KMPcDjwSWzR
LLel/Kv2DYksfQyzn0O2XWMGWFHpaaIH/5O6HtAcFHD7pacWYlT8kJM744Aun1co
qcXmYqB5gaD7VwvBPfzVPkPWRsQ88xISvrlneDQ1RcQBTbhTdadGl0/D09PgzN90
8LtrHDsA4XDu1rtKPI3qdvEKArSThns0uD88m13gUR+1Otbdb3kFafm5e6visTwI
1PEPaPochpjyI5WdrskkHlw8k7C77r0Z4UU/Cba1yfnL8PoXF7kujc+k6nJdxFUF
lHjOa6wtzdM6sf0en66cXbfWJpjkFv0k43LHXt2u5SEJLegR6/3BADK5VkxRU7UK
hR+x2bVo8+Wjtezq+LfZQ2sjAoLaBFjvHIwXUj8pUqgX33tYBNw21oN6tTJ/dWIf
IrlRrmbx091wTT9GguzTLP3mm2mgjYpbQesXpaI6UbD3GapWkSolA6IFLhCWQbZt
FOnfrFcZDkedkyh8p+zkcGts5Sc7SljFmMMno6K7BFBh4dzPlCc=
=p/83
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds