Debian DSA-3990-1 : asterisk - security update

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Debian host is missing a security-related update.

Description :

Klaus-Peter Junghann discovered that insufficient validation of RTCP
packets in Asterisk may result in an information leak. Please see the
upstream advisory at
http://downloads.asterisk.org/pub/security/AST-2017-008.html for
additional details.

See also :

http://downloads.asterisk.org/pub/security/AST-2017-008.html
https://packages.debian.org/source/jessie/asterisk
https://packages.debian.org/source/stretch/asterisk
http://www.debian.org/security/2017/dsa-3990

Solution :

Upgrade the asterisk packages.

For the oldstable distribution (jessie), this problem has been fixed
in version 1:11.13.1~dfsg-2+deb8u4.

For the stable distribution (stretch), this problem has been fixed in
version 1:13.14.1~dfsg-2+deb9u2.

Risk factor :

High

Family: Debian Local Security Checks

Nessus Plugin ID: 103654

Bugtraq ID:

CVE ID: CVE-2017-14603
