|
|
Log in / Subscribe / Register

Mageia alert MGASA-2016-0344 (asterisk)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2016-0344: Updated asterisk packages fixes security vulnerability 


Date:
    	      Tue, 18 Oct 2016 20:44:12 +0200


Message-ID:
    	      <20161018184412.2CB559F79F@duvel.mageia.org>


MGASA-2016-0344 - Updated asterisk packages fixes security vulnerability

Publication date: 18 Oct 2016
URL: http://advisories.mageia.org/MGASA-2016-0344.html
Type: security
Affected Mageia releases: 5
CVE: AST-2016-007

Description:
The overlap dialing feature in chan_sip allows chan_sip to report to a device
that the number that has been dialed is incomplete and more digits are required.
If this functionality is used with a device that has performed username/password
authentication RTP resources are leaked. This occurs because the code fails to
release the old RTP resources before allocating new ones in this scenario. If
all resources are used then RTP port exhaustion will occur and no RTP sessions
are able to be set up (AST-2016-007).

References:
- https://bugs.mageia.org/show_bug.cgi?id=19352
- http://downloads.asterisk.org/pub/security/AST-2016-007.html
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=AST-2016-007

SRPMS:
- 5/core/asterisk-11.23.1-1.mga5
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds