Debian DSA-3990-1 : asterisk - security update

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote Debian host is missing a security-related update.

Description :

Klaus-Peter Junghann discovered that insufficient validation of RTCP
packets in Asterisk may result in an information leak. Please see the
upstream advisory at for
additional details.

See also :

Solution :

Upgrade the asterisk packages.

For the oldstable distribution (jessie), this problem has been fixed
in version 1:11.13.1~dfsg-2+deb8u4.

For the stable distribution (stretch), this problem has been fixed in
version 1:13.14.1~dfsg-2+deb9u2.

Risk factor :


Family: Debian Local Security Checks

Nessus Plugin ID: 103654 ()

Bugtraq ID:

CVE ID: CVE-2017-14603

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now