Gentoo alert 202601-04 (Asterisk)
| From: | glsamaker@gentoo.org | |
| To: | gentoo-announce@lists.gentoo.org | |
| Subject: | [gentoo-announce] [ GLSA 202601-04 ] Asterisk: Multiple Vulnerabilities | |
| Date: | Mon, 26 Jan 2026 10:31:08 -0000 | |
| Message-ID: | <176942346907.7.3657126094437671766@3f85d36892cf> |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202601-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Asterisk: Multiple Vulnerabilities Date: January 26, 2026 Bugs: #960930 ID: 202601-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution. Background ========== Asterisk is an open source telephony engine and toolkit. Affected packages ================= Package Vulnerable Unaffected ----------------- ------------ ------------ net-misc/asterisk < 18.26.3 >= 18.26.3 Description =========== Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/asterisk-18.26.3" References ========== [ 1 ] CVE-2025-1131 https://nvd.nist.gov/vuln/detail/CVE-2025-1131 [ 2 ] CVE-2025-49832 https://nvd.nist.gov/vuln/detail/CVE-2025-49832 [ 3 ] CVE-2025-57767 https://nvd.nist.gov/vuln/detail/CVE-2025-57767 [ 4 ] GHSA-64qc-9x89-rx5j [ 5 ] GHSA-mrq5-74j5-f5cr [ 6 ] GHSA-v9q8-9j8m-5xwp Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202601-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2026 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAml3QmwACgkQFMQkOaVy +9kf5RAA2U1jNa4fzZWGMY1VZFLb93dga4eIpINWOcb63oUug1+unF5JO8AbR6bV 00F66sdPbZ9jJ1tUVZNIyrsVw4y7jKrXnBZ0SLWQKPpjOCEXRpw+2IszvC+4K1iS V+5Qj3NMVl6pWBs8Fvakn+dwoJc3V8pSiwOaUNabT/wqWZXkKq90Wsv5/ht2pQbS yX1kSxwAsJHEAU/dyPPfNYkXZfBOCjChKo/9ONaQVO3FLdKTHT2FYQwv87rfarcm SelhPM/WK6gonFFnGXww2Pv46tMwsK+Rn8aYp1+eiGgdXr9vFxRAIC67XodlrIQ6 VvcnGeHWuHhXKwTmyNxwhtZcpMLqsBEf8pu3DGipiy73C+bJzBnIKSNnR9QiHH2l FhMpUtOkI/roeqSXJNdlICEVcdHxHtguCIwhVuVKJSPmfmTM9HrDjvY3ZDezJl/K JBiVX63o8T6PnTNoWinL+V0K8J6Zd8fDJXBkUj5dKx5fn4GQf12vJlzxcpFLvcfZ 0IspQyDnDZR6tlgs4Y5yaawSQ8Z1lzvWUuu57JXwy6bITEb944OOwvYNlVUhfjMX 53Vnk8b8jNzYu8Q/NeHAahauW3JYUDcBnz6oddJuChLE0Pb57Yfg4pOR/KQhnIj8 ufgp1tjZQoj0gSQ8F480ugQFGN0/bphKRXcFjDDY7ET6p6nMFCU= =ktcF -----END PGP SIGNATURE-----