Security Information / 2012 / Security Information -- DSA-2550-2 asterisk

Debian Security Advisory

DSA-2550-2 asterisk -- several vulnerabilities

Date Reported:

26 Sep 2012

Affected Packages:

asterisk

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2012-2186, CVE-2012-3812, CVE-2012-3863, CVE-2012-4737.

More information:

Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, allowing privilege escalation in the Asterisk Manager, denial of service or privilege escalation.

More detailed information can be found in the Asterisk advisories: AST-2012-010, AST-2012-011, AST-2012-012, and AST-2012-013.

For the stable distribution (squeeze), these problems have been fixed in version 1:1.6.2.9-2+squeeze8.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 1:1.8.13.1~dfsg-1.

We recommend that you upgrade your asterisk packages.