Multiple stack-based buffer overflow flaws were found in the way Asterisk, the open-source PBX software, processed certain SIP, HTTP and XMPP protocol-based network messages. A remote attacker could use this flaw to cause the asterisk executable to crash via specially-crafted SIP, HTTP or XMPP protocol messages.

References:
[1] http://downloads.asterisk.org/pub/security/AST-2012-014.html

Upstream patches:
[2] http://downloads.asterisk.org/pub/security/AST-2012-014-1.8.11.diff
[3] http://downloads.asterisk.org/pub/security/AST-2012-014-1.8.diff
[4] http://downloads.asterisk.org/pub/security/AST-2012-014-10.diff
[5] http://downloads.asterisk.org/pub/security/AST-2012-014-11.diff
[6] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697230
This issue affects the versions of the asterisk package, as shipped with Fedora releases 16 and 17. Please schedule an update.

--

This issue affects the version of the asterisk package, as shipped with Fedora EPEL 6. Please schedule an update.
Created asterisk tracking bugs for this issue:

Affects: fedora-all [bug 891650]
Affects: epel-6 [bug 891651]
asterisk-11.2.0-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
asterisk-10.12.0-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
asterisk-1.8.20.0-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.