A buffer overflow flaw was found in how Asterisk parsed SIP SDP headers: The format attribute resource for h264 video performs an unsafe read against a media attribute when parsing the SDP. The vulnerable parameter can be received as strings of an arbitrary length and Asterisk attempts to read them into limited buffer spaces without applying a limit to the number of characters read. If a message is formed improperly, this could lead to an attacker being able to execute arbitrary code remotely. This affects the 11.x series of Asterisk and is corrected in version 11.2.2. Earlier versions are not affected.

External References: http://downloads.asterisk.org/pub/security/AST-2013-001.html
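The defect class described above, shown from the defensive side as an added example (not code from this report or from Asterisk): a media-attribute value of arbitrary length is copied into a fixed-size field only after its length is checked. The function name `fmtp_get_param`, the size `PARAM_MAX` and the sample lines are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size destination, standing in for a "limited buffer space". */
#define PARAM_MAX 16

/* Constructed sample SDP attribute lines (not captured traffic). */
static const char *SAMPLE_OK   = "a=fmtp:99 packetization-mode=1;profile-level-id=42e01f";
static const char *SAMPLE_LONG = "a=fmtp:99 profile-level-id=42e01f42e01f42e01f42e01f42e01f";

/*
 * Copy the value of `key` from an fmtp line into out[PARAM_MAX].
 * Returns 0 on success, -1 if the key is absent, -2 if the value does not
 * fit (rejected, not truncated). An unbounded copy here, such as strcpy or a
 * scanf-style "%s" with no field width, would write past the end of `out`.
 */
int fmtp_get_param(const char *line, const char *key, char out[PARAM_MAX])
{
    size_t klen = strlen(key);
    const char *p = strchr(line, ' ');      /* parameters follow the payload type */

    out[0] = '\0';
    while (p) {
        p += strspn(p, "; ");               /* skip separators between parameters */
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *v = p + klen + 1;
            size_t vlen = strcspn(v, "; \r\n");   /* measure before copying */
            if (vlen >= PARAM_MAX)
                return -2;                  /* too long for the field: reject */
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return 0;
        }
        p = strchr(p, ';');                 /* advance to the next parameter */
    }
    return -1;
}

int main(void)
{
    char buf[PARAM_MAX];
    printf("normal value:    rc=%d\n", fmtp_get_param(SAMPLE_OK, "profile-level-id", buf));
    printf("oversized value: rc=%d\n", fmtp_get_param(SAMPLE_LONG, "profile-level-id", buf));
    return 0;
}
```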
Created asterisk tracking bugs for this issue
Affects: fedora-18 [bug 928552]
asterisk-11.2.2-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.