
Debian alert DLA-4326-1 (asterisk)

From:  Markus Koschany <apo@debian.org>
To:  debian-lts-announce <debian-lts-announce@lists.debian.org>
Subject:  [SECURITY] [DLA 4326-1] asterisk security update
Date:  Fri, 10 Oct 2025 16:23:42 +0200
Message-ID:  <72115fc233a066650615e3fff686018ec9705305.camel@debian.org>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4326-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                     Markus Koschany
October 10, 2025                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : asterisk
Version        : 1:16.28.0~dfsg-0+deb11u8
CVE ID         : CVE-2025-1131 CVE-2025-54995

Two security vulnerabilities have been discovered in Asterisk, an Open
Source Private Branch Exchange.

CVE-2025-1131

    A local privilege escalation vulnerability exists in the safe_asterisk
    script included with the Asterisk toolkit package. When Asterisk is
    started via this script, it sources all .sh files located in
    /etc/asterisk/startup.d/ as root, without validating ownership or
    permissions. Non-root users with legitimate write access to
    /etc/asterisk can exploit this behaviour by placing malicious scripts
    in the startup.d directory, which will then execute with root
    privileges upon service restart. Default Debian installations are not
    affected by this problem.

CVE-2025-54995

    Prior to this version, RTP UDP ports and internal resources can leak
    due to a lack of session termination. This could result in resource
    exhaustion.

For Debian 11 bullseye, these problems have been fixed in version
1:16.28.0~dfsg-0+deb11u8.

We recommend that you upgrade your asterisk packages.

For the detailed security status of asterisk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/asterisk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQKTBAABCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmjpFu9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSIWA/7BZyaoNY4s9y7xoq27zUjTR3So9nopo/fmGXaAEg27mt0HxoRndmKXczm
wTCoBOCB4l+a0gPkyDue329XK1uhNmL3MkwdSFvn5B8HX/LLDvqziVAp2p42paSh
mD87BPQXBztbyzD7Ekn3jur+QJ6yMI241f1gVphdsBzVXu6q6ZyjkHanMJ4Ws3Uw
fBxQW2RzzkxQKalVKi+axyEAvcnRNZ22h000BhLU440kaJ2Xdl0+gxHCTN+9nCJj
Sdo9W3GoEyMUBZLUCjJrNAn8/tBqJrUS5Lr+DUMKwlvz0C9uuMD9nTG5OPsorDFU
ItxXOm03ilBnHZKlTjnUWcIaKGsohURdi8k4fynnxIfTOlnD6rz2hAeUpYcn7sUt
XcP25PziXezYSAE3oF5cYj5ODNTz2+yKQX2lfR7h/iGH1iAC+lNZ+Wo14YfGoLJm
Pw1zL4224cg3nvYqcDZ8MKME6yevcRfL+eRF0NCz3weciF4ra3GyeCXiKG3T0Nrm
DMIMQxE8UG0Nmd0Rk07Yr4WeUC+R6m97kKOArueiyh60ubNJ2Vhvl+A/YdshOlFB
jFlLpG+cPYwlHlJnVlD8K9EgkMbAUaNmwI5F4sRfGKgAOGjjfzhmAR7GRq6cIMEM
jBc0+/Zyxgowh3MizxENq6hiyuYFN41BJYzbR5A9YSkLDwnOYRk=
=GKir
-----END PGP SIGNATURE-----
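The CVE-2025-1131 entry above describes a drop-in loader that sources every .sh file in /etc/asterisk/startup.d/ as root without checking who owns the files or who can write them. The shell script below is an added illustration, not code from the advisory or from Asterisk's safe_asterisk: it shows that unchecked pattern in simplified form next to a hardened loader that refuses the drop-in directory and each drop-in unless they are regular files or directories (not symlinks), owned by the expected user, and not group- or world-writable. Function names (check_safe, source_startup_checked, source_startup_unchecked) are mine; the directory and expected owner UID are parameters so the functions can be exercised on a scratch directory rather than /etc/asterisk, and the mode/owner lookup assumes GNU coreutils `stat -c`.

```shell
#!/bin/sh
# Added example (not from the advisory or Asterisk). Assumes GNU coreutils
# `stat -c`. Owner defaults to uid 0 (root), matching what a service
# manager would expect for /etc/asterisk/startup.d.

# Vulnerable pattern (simplified illustration of what CVE-2025-1131
# describes): every readable *.sh in DIR is sourced by whoever runs this,
# with no check of who owns the files or who can write to them.
source_startup_unchecked() {
    for f in "$1"/*.sh; do
        if [ -r "$f" ]; then
            . "$f"
        fi
    done
    return 0
}

# check_safe PATH [OWNER_UID]: succeed only if PATH is a regular file or a
# directory (not a symlink), owned by OWNER_UID, and carries no group or
# other write bit. Prints the reason for a rejection on stderr.
check_safe() {
    cs_path=$1
    cs_owner=${2:-0}
    if [ -L "$cs_path" ]; then
        echo "reject $cs_path: symlink" >&2
        return 1
    fi
    if [ ! -f "$cs_path" ] && [ ! -d "$cs_path" ]; then
        echo "reject $cs_path: not a regular file or directory" >&2
        return 1
    fi
    # GNU stat: numeric owner uid and octal mode, e.g. "0 644" or "0 1755".
    set -- $(stat -c '%u %a' "$cs_path")
    cs_uid=$1
    cs_mode=$2
    if [ "$cs_uid" != "$cs_owner" ]; then
        echo "reject $cs_path: owned by uid $cs_uid, expected $cs_owner" >&2
        return 1
    fi
    # Keep the last three octal digits (drop setuid/setgid/sticky), then
    # inspect the group and other digits: 2, 3, 6 and 7 carry the write bit.
    cs_perm=${cs_mode#"${cs_mode%???}"}
    cs_grp_oth=$(printf '%s' "$cs_perm" | cut -c2-3)
    case $cs_grp_oth in
        *[2367]*)
            echo "reject $cs_path: mode $cs_mode is group- or world-writable" >&2
            return 1 ;;
    esac
    return 0
}

# Hardened loader: verify the directory first (a writable directory lets an
# unprivileged user add drop-ins), then source only drop-ins that pass.
source_startup_checked() {
    sc_dir=$1
    sc_owner=${2:-0}
    check_safe "$sc_dir" "$sc_owner" || return 1
    for f in "$sc_dir"/*.sh; do
        [ -e "$f" ] || continue            # glob matched nothing
        if check_safe "$f" "$sc_owner"; then
            . "$f"
        fi
    done
    return 0
}
```

To audit a real installation, source this file as root and call `check_safe /etc/asterisk/startup.d` and then `check_safe` on each *.sh in it; any non-zero return, with the printed reason, identifies a drop-in that the unchecked loader would run as root even though someone other than root owns it or can write to it. The ownership check matters as much as the mode bits: a 0644 file owned by an unprivileged account is still that account's code running as root.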

