A denial of service flaw was found in the way Asterisk, an open-source PBX software, performed management of its internal device cache in certain circumstances. A remote attacker could use this flaw to cause the asterisk executable to consume an excessive amount of system resources via repeated anonymous calls with different sources of the particular anonymous call (forcing the asterisk binary to continually add new devices into its device cache).

References:
[1] http://downloads.asterisk.org/pub/security/AST-2012-015.html

Upstream patches:
[2] http://downloads.asterisk.org/pub/security/AST-2012-015-1.8.11.diff
[3] http://downloads.asterisk.org/pub/security/AST-2012-015-1.8.diff
[4] http://downloads.asterisk.org/pub/security/AST-2012-015-10.diff
[5] http://downloads.asterisk.org/pub/security/AST-2012-015-11.diff

This issue affects the versions of the asterisk package, as shipped with Fedora releases 16 and 17. Please schedule an update.

--

This issue affects the version of the asterisk package, as shipped with Fedora EPEL 6. Please schedule an update.

Created asterisk tracking bugs for this issue

Affects: fedora-all [bug 891650]
Affects: epel-6 [bug 891651]

asterisk-11.2.0-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
asterisk-10.12.0-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
asterisk-1.8.20.0-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.