Bug 533137 - (CVE-2009-3727) CVE-2009-3727 Asterisk: SIP responses expose valid usernames (AST-2009-008)
CVE-2009-3727 Asterisk: SIP responses expose valid usernames (AST-2009-008)
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
http://downloads.asterisk.org/pub/sec...
impact=moderate,source=debian,reporte...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-11-05 05:24 EST by Jan Lieskovsky
Modified: 2010-03-01 11:25 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-03-01 11:25:15 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Comment 1 Jan Lieskovsky 2009-11-05 05:26:00 EST
This issue affects latest versions of the Asterisk package, as shipped with
Fedora 10 and 11 (asterisk-1.6.0.15-2.fc10, asterisk-1.6.1.8-1.fc11)
and as scheduled to appear in Fedora 12 (asterisk-1.6.1.8-1.fc12).

Please fix.
Comment 2 Fedora Update System 2009-11-05 10:11:35 EST
asterisk-1.6.0.17-2.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/asterisk-1.6.0.17-2.fc10
Comment 3 Fedora Update System 2009-11-05 10:13:21 EST
asterisk-1.6.1.9-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/asterisk-1.6.1.9-1.fc11
Comment 4 Jeffrey C. Ollie 2009-11-05 10:30:29 EST
F-12:

https://fedorahosted.org/rel-eng/ticket/3116
Comment 5 Jan Lieskovsky 2009-11-06 12:33:12 EST
This is CVE-2009-3727.
Comment 6 Fedora Update System 2009-11-24 02:31:14 EST
asterisk-1.6.1.9-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2009-11-24 02:43:32 EST
asterisk-1.6.0.17-2.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Jeffrey C. Ollie 2010-03-01 10:50:28 EST
Can this bug be closed now?
Comment 9 Vincent Danen 2010-03-01 11:25:15 EST
Yes, Fedora has 1.6.1.12 across the board now, and this was corrected upstream in 1.6.1.9.

Note You need to log in before you can comment on or make changes to this bug.