Bug 1109286
Summary: | CVE-2014-4047 asterisk: DoS due to Exhaustion of Allowed Concurrent HTTP Connections (AST-2014-007) [epel-6] | ||
---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | Vasyl Kaigorodov <vkaigoro> |
Component: | asterisk | Assignee: | Jon Disnard <jdisnard> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | el6 | CC: | Brandon.Vincent, jdisnard, rbryant |
Target Milestone: | --- | Keywords: | Security, SecurityTracking |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | fst_owner=bvincent | ||
Fixed In Version: | asterisk-1.8.32.1-1.el6 | Doc Type: | Release Note |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-12-04 04:06:40 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1109284 |
Description
Vasyl Kaigorodov
2014-06-13 14:50:16 UTC
Use the following update submission link to create the Bodhi request for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable. IMPORTANT: ensure that the "Close bugs when update is stable" option remains checked. Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1109284,1109286 asterisk-1.8.32.1-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/asterisk-1.8.32.1-1.el6 Package asterisk-1.8.32.1-1.el6: * should fix your issue, * was pushed to the Fedora EPEL 6 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing asterisk-1.8.32.1-1.el6' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4243/asterisk-1.8.32.1-1.el6 then log in and leave karma (feedback). This security vulnerability was fixed upstream in 1.8.28.1. The latest stable version of the asterisk package is 1.8.31.1-1.el6. asterisk-1.8.32.1-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. |