Mageia Advisory: MGASA-2016-0344 - Updated asterisk packages fixes security vulnerability

Updated asterisk packages fixes security vulnerability

Publication date: 18 Oct 2016
Modification date: 18 Oct 2016
Type: security
Affected Mageia releases : 5
CVE: AST-2016-007

Description

The overlap dialing feature in chan_sip allows chan_sip to report to a device
that the number that has been dialed is incomplete and more digits are required.
If this functionality is used with a device that has performed username/password
authentication RTP resources are leaked. This occurs because the code fails to
release the old RTP resources before allocating new ones in this scenario. If
all resources are used then RTP port exhaustion will occur and no RTP sessions
are able to be set up (AST-2016-007).

References

https://bugs.mageia.org/show_bug.cgi?id=19352
http://downloads.asterisk.org/pub/security/AST-2016-007.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=AST-2016-007

SRPMS

5/core

asterisk-11.23.1-1.mga5

Advisories » MGASA-2016-0344

Updated asterisk packages fixes security vulnerability

Description

References

SRPMS

5/core