The following issue was made public in the AST-2014-014 advisory [1][2]:

The ConfBridge application uses an internal bridging API to implement conference bridges. This internal API uses a state model for channels within the conference bridge and transitions between states as different things occur. Under load it is possible for some state transitions to be delayed causing the channel to transition from being hung up to waiting for media. As the channel has been hung up remotely no further media will arrive and the channel will stay within ConfBridge indefinitely.

Patches for this issue are linked to in the AST-2014-014 [1][2] advisory.

References:
[1] http://downloads.asterisk.org/pub/security/AST-2014-014.pdf
[2] http://seclists.org/fulldisclosure/2014/Nov/67
Created asterisk tracking bugs for this issue:

Affects: fedora-all [bug 1166684]
This issue is assigned CVE-2014-8414: http://downloads.asterisk.org/pub/security/AST-2014-014.html
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.