Advisories » MGASA-2013-0279

Updated freeswitch packages fix security vulnerability

Publication date: 19 Sep 2013
Modification date: 19 Sep 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-2238

Description

In FreeSWITCH before 1.2.12, if the routing configuration includes
regular expressions that don't constrain the length of the input, buffer
overflows are possible. Since these regular expressions are matched
against untrusted input, remote code execution may be possible
(CVE-2013-2238).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=10743
• http://openwall.com/lists/oss-security/2013/07/01/11
• http://jira.freeswitch.org/browse/FS-5566
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2238

SRPMS

3/core

• freeswitch-1.2.12-6.mga3