lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <m1FaQAS-000omXC@finlandia.Infodrom.North.DE> Date: Mon May 1 05:46:48 2006 From: joey at infodrom.org (Martin Schulze) Subject: [SECURITY] [DSA 1048-1] New Asterisk packages fix arbitrary code execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1048-1 security@...ian.org http://www.debian.org/security/ Martin Schulze May 1st, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : asterisk Vulnerability : several Problem type : remote Debian-specific: no CVE IDs : CVE-2005-3559 CVE-2006-1827 BugTraq ID : 15336 Debian Bug : 338116 Several problems have been discovered in Asterisk, an Open Source Private Branch Exchange (telephone control center). The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-3559 Adam Pointon discovered that due to missing input sanitising it is possible to retrieve recorded phone messages for a different extension. CVE-2006-1827 Emmanouel Kellinis discovered an integer signedness error that could trigger a buffer overflow and hence allow the execution of arbitrary code. For the old stable distribution (woody) this problem has been fixed in version 0.1.11-3woody1. For the stable distribution (sarge) this problem has been fixed in version 1.0.7.dfsg.1-2sarge2. For the unstable distribution (sid) this problem has been fixed in version 1.2.7.1.dfsg-1. We recommend that you upgrade your asterisk package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1.dsc Size/MD5 checksum: 664 373ab7aabc288579558c4f89f5afa6c9 http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1.diff.gz Size/MD5 checksum: 7105 0147328df3620d3a2cd4604817518c6f http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11.orig.tar.gz Size/MD5 checksum: 1094520 799022997d32f9f63ee47db4f3069cc7 Alpha architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_alpha.deb Size/MD5 checksum: 1102026 614622fa8f8c1d528834c62b066e9502 ARM architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_arm.deb Size/MD5 checksum: 1007528 7a764a742b9563ca733ac9d593b9f2ba Intel IA-32 architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_i386.deb Size/MD5 checksum: 966436 aca1c73b82bab36013ec4facae76c62f Intel IA-64 architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_ia64.deb Size/MD5 checksum: 1221462 b61d30160a3ee4192a1e1bca0cfced47 HP Precision architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_hppa.deb Size/MD5 checksum: 1097966 82456597bb249cf1a0e92e7321537dd9 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_m68k.deb Size/MD5 checksum: 967110 7e991ae768bdffb90338001e4384e27a Little endian MIPS architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_mipsel.deb Size/MD5 checksum: 988628 252c7fcd9903a4c8e99842619a2e3bed PowerPC architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_powerpc.deb Size/MD5 checksum: 1018210 6bcdbe5da063b50f7900f46d2f679c1c IBM S/390 architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_s390.deb Size/MD5 checksum: 993864 eb1e66f13d2615a90b167ffbb68e1501 Sun Sparc architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_sparc.deb Size/MD5 checksum: 1073510 5cd2731fbb6afb3b8a3c4cc3e5c887df Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2.dsc Size/MD5 checksum: 1261 e99dfbd0308ea3f26a29ce17fe30d755 http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2.diff.gz Size/MD5 checksum: 69531 8d64de4a35a37614e37770e49229cc8e http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1.orig.tar.gz Size/MD5 checksum: 2929488 0d0f718ccd7a06ab998c3f637df294c0 Architecture independent components: http://security.debian.org/pool/updates/main/a/asterisk/asterisk-config_1.0.7.dfsg.1-2sarge2_all.deb Size/MD5 checksum: 61454 756d8457fec2dfc73e93d4885ad99632 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dev_1.0.7.dfsg.1-2sarge2_all.deb Size/MD5 checksum: 83242 aede47f1e3cb5fb4b092ec106f155503 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-doc_1.0.7.dfsg.1-2sarge2_all.deb Size/MD5 checksum: 1577520 52edf9d30e42e5f43edb417a48279bc4 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-sounds-main_1.0.7.dfsg.1-2sarge2_all.deb Size/MD5 checksum: 1179972 ba1498fb09ce854e91c363697e5f56c5 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-web-vmail_1.0.7.dfsg.1-2sarge2_all.deb Size/MD5 checksum: 28236 29cee78488bd0292e469b02f557f325a Alpha architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_alpha.deb Size/MD5 checksum: 1477470 4b27fd45bf591a45c1df219e7427fb3f http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_alpha.deb Size/MD5 checksum: 31268 fbd1f14dbece0fa6c35020d28cf5fc19 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_alpha.deb Size/MD5 checksum: 21294 b2c38dc8fab098ba42b9a2b9df53365a AMD64 architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_amd64.deb Size/MD5 checksum: 1333126 97cf9b0f02ca85a0f3988a419d74d101 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_amd64.deb Size/MD5 checksum: 30694 3da16a12852ccde9c25fd06d20ddf165 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_amd64.deb Size/MD5 checksum: 21298 7fdce0bf81003472019fc238c97039a6 ARM architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_arm.deb Size/MD5 checksum: 1262564 a662f0c5b745b84c77821529a5b95c74 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_arm.deb Size/MD5 checksum: 29408 4b2371af11e31fe17f3b1ce428009c71 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_arm.deb Size/MD5 checksum: 21294 5695bb2ba51ba159f75186ead3aeadd8 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_i386.deb Size/MD5 checksum: 1175100 057c97258c30084249ed87a8e67e34fe http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_i386.deb Size/MD5 checksum: 29722 21b28111a92b3054727af9cdf7ca40db http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_i386.deb Size/MD5 checksum: 21292 7ae9ba55b0ab039f3a0183aa4805af7c Intel IA-64 architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_ia64.deb Size/MD5 checksum: 1771018 9a595b393cb2e6f68f27d964e3f7a11a http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_ia64.deb Size/MD5 checksum: 32826 6922be80b649d6ad44081f6bccc512c9 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_ia64.deb Size/MD5 checksum: 21292 bdcf965b876781e1b6aa3b185e9443f6 HP Precision architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_hppa.deb Size/MD5 checksum: 1447646 38bce42679887ab40a5ac4a8e7f725d2 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_hppa.deb Size/MD5 checksum: 31338 447483805146ef8cf996cb3b8c3931a0 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_hppa.deb Size/MD5 checksum: 21296 7224f123df44bb817ac4f4fe8e4fc96d Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_m68k.deb Size/MD5 checksum: 1184568 b6814c31545c9dfa4aea857f7e527929 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_m68k.deb Size/MD5 checksum: 30084 f66438755ea42f48a45e1bcb977d4ed8 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_m68k.deb Size/MD5 checksum: 21302 a29dc084d1a5a3cc9547f610d5f07ace Big endian MIPS architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_mips.deb Size/MD5 checksum: 1263690 bcda258393f2672dd2dce565dd71e9d7 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_mips.deb Size/MD5 checksum: 29292 a0fc61357a8949cd49e52535f89280e6 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_mips.deb Size/MD5 checksum: 21296 b38df181f2f9689c8e71ead3cdf17af8 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_mipsel.deb Size/MD5 checksum: 1270114 cfcfdb5ba55a4c15c2f51cd9af0ff914 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_mipsel.deb Size/MD5 checksum: 29228 e0323dccf28dcb718a1b5c4c8ae1e9b7 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_mipsel.deb Size/MD5 checksum: 21294 a4f3b1157e61cc14f5c3820d5b38348e PowerPC architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_powerpc.deb Size/MD5 checksum: 1421934 d29f00ef7f63141125a9d55dd8f03680 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_powerpc.deb Size/MD5 checksum: 31028 ae3955beb5caff9ecba95a71f1511d6f http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_powerpc.deb Size/MD5 checksum: 21298 0e03c0122050501ca3869a442cc43cc3 IBM S/390 architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_s390.deb Size/MD5 checksum: 1312360 1ce88997009285a2934c29f6109f3c58 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_s390.deb Size/MD5 checksum: 30714 69eac145cbdfe8764b11b0c25de86f71 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_s390.deb Size/MD5 checksum: 21296 778dd4c365e79f059af8a70f4a3e8af8 Sun Sparc architecture: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_sparc.deb Size/MD5 checksum: 1274034 812e80e52c2d0d0e2d0e6b9e735034dd http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_sparc.deb Size/MD5 checksum: 29678 08e85cff017d51beb8834333090fb2f6 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_sparc.deb Size/MD5 checksum: 21296 eab26f52aae41a639dc7221605f5e023 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@...ts.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEVZCbW5ql+IAeqTIRAit4AJ9QuneK2EXDPUe3qerNNv/aFUEK1gCgiqLD JFr8mQVws+5Lk/dB4hpSBXA= =+AvP -----END PGP SIGNATURE-----