A denial of service flaw was found in the way Asterisk, an open-source telephony toolkit, performed processing of certain HTTP POST requests with very large Content-Length values. A remote attacker could use this flaw to cause the Asterisk telephony server to crash (denial of service).

Upstream advisory:
[1] http://downloads.asterisk.org/pub/security/AST-2013-002.html

Relevant upstream patches:
[2] http://downloads.asterisk.org/pub/security/AST-2013-002-1.8.diff
[3] http://downloads.asterisk.org/pub/security/AST-2013-002-10.diff
[4] http://downloads.asterisk.org/pub/security/AST-2013-002-11.diff
This issue affects the versions of the asterisk package as shipped with Fedora releases 18 and 17, and with Fedora EPEL-6. Please schedule an update.
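The flaw reported above involves a server processing a client-supplied Content-Length value. As an added example (not the upstream Asterisk patch and not code from this report), the C function below validates the header value against a cap before any buffer is sized from it; `parse_content_length`, `MAX_POST_BODY` and its 4096-byte value are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed cap on an accepted POST body; pick one that fits the application. */
#define MAX_POST_BODY 4096L

enum cl_status { CL_OK = 0, CL_MALFORMED = -1, CL_TOO_LARGE = -2 };

/* Validate a Content-Length value before any buffer is sized from it.
 * On CL_OK, *out holds a length in [0, MAX_POST_BODY]; otherwise *out is untouched. */
enum cl_status parse_content_length(const char *value, long *out)
{
    char *end;
    long n;

    if (value == NULL || out == NULL)
        return CL_MALFORMED;
    while (*value == ' ' || *value == '\t')
        value++;
    /* Require a leading digit: strtol alone would accept "-1" or "+5". */
    if (!isdigit((unsigned char)*value))
        return CL_MALFORMED;
    errno = 0;
    n = strtol(value, &end, 10);
    while (*end == ' ' || *end == '\t')
        end++;
    if (*end != '\0')
        return CL_MALFORMED;          /* trailing junk such as "12abc" */
    /* ERANGE means the number did not even fit in a long. */
    if (errno == ERANGE || n > MAX_POST_BODY)
        return CL_TOO_LARGE;
    *out = n;
    return CL_OK;
}

int main(void)
{
    /* Constructed sample header values. */
    const char *samples[] = { "128", " 4096 ", "4097", "-1", "12abc",
                              "99999999999999999999999999" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long len = -1;
        enum cl_status st = parse_content_length(samples[i], &len);
        printf("%-28s -> status %d, len %ld\n", samples[i], st, len);
    }
    return 0;
}
```

A caller would typically answer `CL_TOO_LARGE` with HTTP 413 and `CL_MALFORMED` with HTTP 400, and read the body only after `CL_OK`.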
Created asterisk tracking bugs for this issue

Affects: fedora-18 [bug 928552]

Created asterisk tracking bugs for this issue

Affects: fedora-17 [bug 928779]
Affects: epel-6 [bug 928780]
asterisk-10.12.2-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.