Asterisk Project Security Advisory - AST-2018-005 Product Asterisk Summary Crash when large numbers of TCP connections are closed suddenly Nature of Advisory Remote Crash Susceptibility Remote Authenticated Sessions Severity Moderate Exploits Known No Reported On January 24, 2018 Reported By Sandro Gauci Posted On February 21, 2018 Last Updated On February 21, 2018 Advisory Contact gjoseph AT digium DOT com CVE Name CVE-2018-7286 Description A crash occurs when a number of authenticated INVITE messages are sent over TCP or TLS and then the connection is suddenly closed. This issue leads to a segmentation fault. Resolution A patch to asterisk is available that prevents the crash by locking the underlying transport until a response is sent. Affected Versions Product Release Series Asterisk Open Source 13.x All Versions Asterisk Open Source 14.x All Versions Asterisk Open Source 15.x All Versions Certified Asterisk 13.18 All Versions Corrected In Product Release Asterisk Open Source 13.19.2, 14.7.6, 15.2.2 Certified Asterisk 13.18-cert3 Patches SVN URL Revision http://ift.tt/2CCr0wF Asterisk 13 http://ift.tt/2EKsxaa Asterisk 14 http://ift.tt/2CA75ie Asterisk 15 http://ift.tt/2EKsxqG Certified Asterisk 13.18 Links http://ift.tt/2CCluKB http://ift.tt/2HAws6Z Asterisk Project Security Advisories are posted at http://ift.tt/12wGWyz This document may be superseded by later versions; if so, the latest version will be posted at http://ift.tt/2CBqWxe and http://ift.tt/2EJMnCl Revision History Date Editor Revisions Made February 6, 2018 George Joseph Initial Revision Asterisk Project Security Advisory - AST-2018-005 Copyright 2018 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment