{
  "schema_version": "1.7.0",
  "id": "MGASA-2016-0344",
  "published": "2016-10-18T18:43:39Z",
  "modified": "2016-10-18T12:38:00Z",
  "summary": "Updated asterisk packages fixes security vulnerability",
  "details": "The overlap dialing feature in chan_sip allows chan_sip to report to a device\nthat the number that has been dialed is incomplete and more digits are required.\nIf this functionality is used with a device that has performed username/password\nauthentication RTP resources are leaked. This occurs because the code fails to\nrelease the old RTP resources before allocating new ones in this scenario. If\nall resources are used then RTP port exhaustion will occur and no RTP sessions\nare able to be set up (AST-2016-007).\n",
  "upstream": [
    "AST-2016-007"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2016-0344.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=19352"
    },
    {
      "type": "WEB",
      "url": "http://downloads.asterisk.org/pub/security/AST-2016-007.html"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:5",
        "name": "asterisk",
        "purl": "pkg:rpm/mageia/asterisk?arch=source&distro=mageia-5"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "11.23.1-1.mga5"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}