Fedora 14 : asterisk-1.6.2.17.2-1.fc14 (2011-3942)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

The Asterisk Development Team has announced security releases for
Asterisk branches 1.6.1, 1.6.2, and 1.8. The available security
releases are released as versions 1.6.1.24, 1.6.2.17.2, and 1.8.3.2.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

** This is a re-release of Asterisk 1.6.1.23, 1.6.2.17.1 and 1.8.3.1 which
contained a bug which caused duplicate manager entries (issue #18987).

The releases of Asterisk 1.6.1.24, 1.6.2.17.2, and 1.8.3.2 resolve two
issues :

- Resource exhaustion in Asterisk Manager Interface (AST-2011-003)

- Remote crash vulnerability in TCP/TLS server (AST-2011-004)

The issues and resolutions are described in the AST-2011-003 and
AST-2011-004 security advisories. For more information about the
details of these vulnerabilities, please read the security advisories
AST-2011-003 and AST-2011-004, which were released at the same time as
this announcement.

For a full list of changes in the current releases, please see the
ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.24
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.2

Security advisory AST-2011-003 and AST-2011-004 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
http://downloads.asterisk.org/pub/security/AST-2011-004.pdf

See also :

http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
http://downloads.asterisk.org/pub/security/AST-2011-004.pdf
http://downloads.asterisk.org/pub/telephony/asterisk/releases
http://www.nessus.org/u?f0701a5c
http://www.nessus.org/u?30c4b6d0
http://www.nessus.org/u?e486547a
https://bugzilla.redhat.com/show_bug.cgi?id=688675
https://bugzilla.redhat.com/show_bug.cgi?id=688678
http://www.nessus.org/u?d67ffc1a

Solution :

Update the affected asterisk package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Fedora Local Security Checks

Nessus Plugin ID: 53242

Bugtraq ID: 46897
46898

CVE ID: CVE-2011-1174
CVE-2011-1175