Updated asterisk packages fix CVE-2016-2316
Publication date: 02 Mar 2016Modification date: 02 Mar 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-2316
Description
Updated asterisk packages fix security vulnerability:
chan_sip in Asterisk Open Source 11.x before 11.21.1, when the timert1 sip.conf
configuration is set to a value greater than 1245, allows remote attackers to
cause a denial of service (file descriptor consumption) via vectors related to
large retransmit timeout values (CVE-2016-2316).
References
SRPMS
5/core
- asterisk-11.21.2-1.mga5