A remote crash vulnerability was reported in all Asterisk 11.x versions before 11.14.2.

http://downloads.asterisk.org/pub/security/AST-2014-019.html

When handling a WebSocket frame the res_http_websocket module dynamically changes the size of the memory used to allow the provided payload to fit. If a payload length of zero was received the code would incorrectly attempt to resize to zero. This operation would succeed and end up freeing the memory but be treated as a failure. When the session was subsequently torn down this memory would get freed yet again causing a crash.

Upstream bug for this:
https://issues.asterisk.org/jira/browse/ASTERISK-24472

Upstream patches are available:
http://downloads.asterisk.org/pub/security/AST-2014-019-11.diff

This is fixed in Asterisk Open Source 11.14.2.
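The zero-length resize described in the report above, as an added C model that is not Asterisk's code or the upstream patch. The session struct, the function names and the release counter are hypothetical, and the zero-size resize is modelled explicitly (free the block, return NULL) so that the second release is counted rather than executed.

```c
#include <stdlib.h>

/* Hypothetical session model (an assumption), not Asterisk's structures. */
struct session {
    char *payload;  /* buffer resized to fit each incoming frame */
    int released;   /* times the current buffer has been released */
};

/* Models a resize where size zero frees the block and returns NULL. */
static char *resize(struct session *s, size_t len)
{
    if (len == 0) {
        free(s->payload);
        s->released++;
        return NULL;
    }
    return realloc(s->payload, len);
}

/* Flawed: NULL is read as failure, so the stale pointer stays in place. */
int read_frame_flawed(struct session *s, size_t len)
{
    char *p = resize(s, len);
    if (!p)
        return -1;
    s->payload = p;
    return 0;
}

/* Hardened: an empty payload never reaches the allocator. */
int read_frame_hardened(struct session *s, size_t len)
{
    if (len == 0)
        return 0;   /* nothing to store; buffer untouched */
    char *p = resize(s, len);
    if (!p)
        return -1;  /* genuine failure; old buffer still valid */
    s->payload = p;
    return 0;
}

/* Returns total releases; above 1 is the double free (counted, not run). */
int teardown(struct session *s)
{
    if (s->payload && s->released++ == 0)
        free(s->payload);   /* only the first release really frees */
    s->payload = NULL;
    return s->released;
}
```

A teardown result of 2 on the flawed path corresponds to the second free the report describes; the hardened path releases the buffer exactly once.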
Created asterisk tracking bugs for this issue: Affects: fedora-all [bug 1173003]
MITRE assigned CVE-2014-9374 to this issue.
asterisk-11.17.1-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.