[Secure-testing-team] Bug#631448: asterisk: AST-2011-010 (CVE-2011-2535) - crash due to using remote pointers
Tzafrir Cohen
tzafrir at debian.org
Thu Jun 23 23:12:43 UTC 2011
Package: asterisk
Version: 1:1.8.4.2-1
Severity: grave
Tags: security upstream patch
Justification: user security hole
A memory address was inadvertently transmitted over the network via IAX2
via an option control frame and the remote party would try to access it.
This applies only to version 1.8 in Wheezy/Sid and not to the versions in
Lenny and Squeeze. The advisory does apply to some newer versions of
Asterisk 1.4 and 1.6.2, but not to the older versions used in Lenny and
Squeeze, respectively.
For more information, see
http://downloads.asterisk.org/pub/security/AST-2011-010.html
More information about the Secure-testing-team
mailing list