Bug 1304670 (CVE-2016-2316)
| Summary: | CVE-2016-2316 asterisk: File descriptor exhaustion in chan_sip (AST-2016-002) | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED RAWHIDE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | bazanluis20, itamar, jsmith.fedora, lmadsen, rbryant |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | asterisk 11.21.1, asterisk 13.7.1 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-02-12 15:15:56 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1304671, 1304672 | ||
| Bug Blocks: | |||
|
Description
Adam Mariš
2016-02-04 10:19:51 UTC
Created asterisk tracking bugs for this issue: Affects: fedora-all [bug 1304671] Affects: epel-6 [bug 1304672] I've updated Rawhide to upstream release 13.7.1, which corrects this issue (as well as two other reported security issues). Once the build finishes in Rawhide, I'll push to f23 and f22 for testing as well. CVE assignment information from upstream: http://downloads.asterisk.org/pub/security/AST-2016-002.html asterisk-13.7.1-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. asterisk-13.7.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. |