MGASA-2013-0266

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2013-0266.html

Import Source

https://advisories.mageia.org/MGASA-2013-0266.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2013-0266

Related

Published

2013-08-30T17:36:06Z

Modified

2013-08-30T17:36:03Z

Summary

Updated asterisk package fixes security vulnerabilities

Details

A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present (CVE-2013-5641).

A remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set (CVE-2013-5642).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:3 / asterisk

Package

Name: asterisk
Purl: pkg:rpm/mageia/asterisk?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.5.1-1.mga3

Ecosystem specific

{
    "section": "core"
}