Package: asterisk
Version: 1:1.8.8.0~dfsg-1
Severity: grave
Tags: security patch upstream
Justification: causes non-serious data loss

http://downloads.asterisk.org/pub/security/AST-2012-001.html
(No CVE set yet, AFAIK)

An attacker attempting to negotiate a secure video stream can crash
Asterisk if video support has not been enabled and the res_srtp Asterisk
module is loaded.

I am not aware of any exploits for the issue. It requires the remote user
to be permitted to connect to the system, but certain systems may also
allow guests.

No effect on the version in Squeeze, as Asterisk did not have SRTP
support before 1.8 and Squeeze uses 1.6.2.

-- 
Tzafrir Cohen         | [email protected] | VIM is
http://tzafrir.org.il |                    | a Mutt's
[email protected] |                    |  best
[email protected]    |                    | friend
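
The two preconditions named in the report (res_srtp loaded, video support not enabled) can be checked against a system's configuration. The following is an added example, not part of the original report or of Asterisk itself. It assumes that module loading is controlled by the [modules] section of modules.conf, that "video support" means the videosupport option in the [general] section of sip.conf, and that the option is off when absent; the sample configurations are constructed.

```python
import re

TRUE_VALUES = {"yes", "true", "y", "t", "1", "on"}

def parse_conf(text):
    """Return [(section, key, value)] from Asterisk-style config text."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment (escapes ignored)
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        pair = re.match(r"([^=]+?)\s*=>?\s*(.*)$", line)  # 'k = v' or 'k => v'
        if pair:
            entries.append((section, pair.group(1).strip().lower(), pair.group(2).strip()))
    return entries

def srtp_module_loaded(modules_conf):
    """Would res_srtp.so be loaded according to modules.conf?"""
    autoload, requested, blocked = True, False, False  # missing autoload: assume loaded
    for section, key, value in parse_conf(modules_conf):
        if section != "modules":
            continue
        if key == "autoload":
            autoload = value.lower() in TRUE_VALUES
        elif value.lower() == "res_srtp.so":
            requested |= key in ("load", "preload")
            blocked |= key == "noload"
    return (autoload or requested) and not blocked  # noload wins over load/autoload

def video_enabled(sip_conf):
    """Is videosupport switched on in [general] of sip.conf? (assumed default: no)"""
    value = "no"
    for section, key, val in parse_conf(sip_conf):
        if section == "general" and key == "videosupport":
            value = val.lower()
    return value in TRUE_VALUES or value == "always"

def matches_report_preconditions(modules_conf, sip_conf):
    """True when res_srtp is loaded and video support is not enabled."""
    return srtp_module_loaded(modules_conf) and not video_enabled(sip_conf)

# Constructed sample configurations, not taken from any real system.
MODULES_DEFAULT = "[modules]\nautoload=yes\nnoload => chan_alsa.so ; unused driver\n"
MODULES_NO_SRTP = "[modules]\nautoload=yes\nnoload => res_srtp.so\n"
SIP_NO_VIDEO = "[general]\ncontext=default\n;videosupport=yes\n[alice]\ntype=friend\n"
SIP_VIDEO = "[general]\nvideosupport = yes\n"
```

A True result only means the configuration matches the conditions described in the report; whether the installed package version is affected has to be checked separately.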


