Establishing a TCP or TLS connection to the configured HTTP or HTTPS port respectively in http.conf and then not sending or completing a HTTP request will tie up a HTTP session. By doing this repeatedly until the maximum number of open HTTP sessions is reached, legitimate requests are blocked. Upstream patches: 1.8.x: http://downloads.asterisk.org/pub/security/AST-2014-007-1.8.diff 11.x: http://downloads.asterisk.org/pub/security/AST-2014-007-11.diff External refernces: https://issues.asterisk.org/jira/browse/ASTERISK-23673 http://downloads.digium.com/pub/security/AST-2014-007.html
Created asterisk tracking bugs for this issue: Affects: fedora-all [bug 1109285] Affects: epel-6 [bug 1109286]
asterisk-11.10.2-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
asterisk-11.10.2-2.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.