Bug 480132 (CVE-2009-0041)
Summary: | CVE-2009-0041 asterisk: Replies to failed login attempts differently based on whether the user account exists (information disclosure) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | jeff |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.securityfocus.com/bid/33174 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-10-27 18:19:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jan Lieskovsky
2009-01-15 10:17:31 UTC
This issue affects all versions of the Asterisk package, as shipped with Fedora releases of 9, 10 and devel. Please fix. Updates to 1.6.0.3 are already built and pushed to testing: https://admin.fedoraproject.org/updates/F9/FEDORA-2009-0536 https://admin.fedoraproject.org/updates/F10/FEDORA-2009-0448 Fixed asterisk packages are now in all current Fedora versions. |