Common Vulnerabilities and Exposures assigned an identifier CVE-2009-2651 to the following vulnerability:

Name: CVE-2009-2651
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2651
Assigned: 20090730
Reference: MISC: http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt
Reference: CONFIRM: http://downloads.asterisk.org/pub/security/AST-2009-004.html
Reference: BID:35837
Reference: URL: http://www.securityfocus.com/bid/35837
Reference: OSVDB:56571
Reference: URL: http://osvdb.org/56571
Reference: SECTRACK:1022608
Reference: URL: http://www.securitytracker.com/id?1022608
Reference: SECUNIA:36039
Reference: URL: http://secunia.com/advisories/36039
Reference: VUPEN:ADV-2009-2067
Reference: URL: http://www.vupen.com/english/advisories/2009/2067
Reference: XF:asterisk-rtp-dos(52046)
Reference: URL: http://xforce.iss.net/xforce/xfdb/52046

main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.

Note: the upstream advisory indicates that only 1.6.1.x is affected, so this only affects Fedora 11 and rawhide (Fedora 10 has 1.6.0.5).

Upstream patch to correct the issue:
http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt

Also note that the 1.6.1.2 release corrects this issue as well.

Created asterisk tracking bugs for this issue

CVE-2009-2651 Affects: Fdevel [bug #514954]

asterisk-1.6.1.6-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.