Debian DSA-4076-1 : asterisk - security update

This script is Copyright (C) 2018 Tenable Network Security, Inc.


Synopsis :

The remote Debian host is missing a security-related update.

Description :

Multiple vulnerabilities have been discovered in Asterisk, an open
source PBX and telephony toolkit, which may result in denial of
service, information disclosure and potentially the execution of
arbitrary code.

See also :

https://security-tracker.debian.org/tracker/asterisk
https://packages.debian.org/source/jessie/asterisk
https://packages.debian.org/source/stretch/asterisk
http://www.debian.org/security/2017/dsa-4076

Solution :

Upgrade the asterisk packages.

For the oldstable distribution (jessie), these problems have been
fixed in version 1:11.13.1~dfsg-2+deb8u5.

For the stable distribution (stretch), these problems have been fixed
in version 1:13.14.1~dfsg-2+deb9u3.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)

Family: Debian Local Security Checks

Nessus Plugin ID: 105498 ()

Bugtraq ID:

CVE ID: CVE-2017-16671
CVE-2017-16672
CVE-2017-17090
CVE-2017-17664

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now