MGASA-2013-0266

Source
https://advisories.mageia.org/MGASA-2013-0266.html
Import Source
https://advisories.mageia.org/MGASA-2013-0266.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2013-0266
Related
Published
2013-08-30T17:36:06Z
Modified
2013-08-30T17:36:03Z
Summary
Updated asterisk package fixes security vulnerabilities
Details

A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present (CVE-2013-5641).

A remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set (CVE-2013-5642).

References
Credits

Affected packages

Mageia:3 / asterisk

Package

Name
asterisk
Purl
pkg:rpm/mageia/asterisk?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.5.1-1.mga3

Ecosystem specific

{
    "section": "core"
}