diff options
author | flo <flo@FreeBSD.org> | 2011-06-26 06:48:00 +0800 |
---|---|---|
committer | flo <flo@FreeBSD.org> | 2011-06-26 06:48:00 +0800 |
commit | 9c149805802d3f657f0f8e18075732b33224eab0 (patch) | |
tree | a1ae0d6871337f760a9fe13ff1564fa3dedaee11 /security | |
parent | 0737dc5af2155424cc2ac0186c82f8c66100dc0b (diff) | |
download | freebsd-ports-gnome-9c149805802d3f657f0f8e18075732b33224eab0.tar.gz freebsd-ports-gnome-9c149805802d3f657f0f8e18075732b33224eab0.tar.zst freebsd-ports-gnome-9c149805802d3f657f0f8e18075732b33224eab0.zip |
document recent asterisk vulnerabilities
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 0d1529052add..0d160a6d62ce 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,54 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="40544e8c-9f7b-11e0-9bec-6c626dd55a41"> + <topic>asterisk -- multiple vulnerabilities</topic> + <affects> + <package> + <name>asterisk14</name> + <range><gt>1.4.*</gt><lt>1.4.41.1</lt></range> + </package> + <package> + <name>asterisk16</name> + <range><gt>1.6.*</gt><lt>1.6.2.18.1</lt></range> + </package> + <package> + <name>asterisk18</name> + <range><gt>1.8.*</gt><lt>1.8.4.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Asterisk Development Team reports:</p> + <blockquote cite="http://www.asterisk.org/node/51650"> + <p>AST-2011-008: If a remote user sends a SIP packet containing a + null, Asterisk assumes available data extends past the null to the + end of the packet when the buffer is actually truncated when + copied. This causes SIP header parsing to modify data past + the end of the buffer altering unrelated memory structures. + This vulnerability does not affect TCP/TLS connections.</p> + <p>AST-2011-009: A remote user sending a SIP packet containing a + Contact header with a missing left angle bracket causes Asterisk to + access a null pointer.</p> + <p>AST-2011-010: A memory address was inadvertently transmitted over + the network via IAX2 via an option control frame and the remote party + would try to access it.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2011-2529</cvename> + <cvename>CVE-2011-2535</cvename> + <url>http://downloads.asterisk.org/pub/security/AST-2011-008.html</url> + <url>http://downloads.asterisk.org/pub/security/AST-2011-009.html</url> + <url>http://downloads.asterisk.org/pub/security/AST-2011-010.html</url> + </references> + <dates> + <discovery>2011-06-24</discovery> + <entry>2011-06-25</entry> + </dates> + </vuln> + <vuln vid="01d3ab7d-9c43-11e0-bc0f-0014a5e3cda6"> <topic>ejabberd -- remote denial of service vulnerability</topic> <affects> |