Fedora 15 : asterisk-1.8.3-1.fc15 (2011-2360)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

The Asterisk Development Team has announced the release of Asterisk
1.8.3. This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/

The release of Asterisk 1.8.3 resolves several issues reported by the
community and would not have been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release :

- Resolve duplicated data in the AstDB when using
DIALGROUP() (Closes issue #18091. Reported by bunny.
Patched by tilghman)

- Ensure the ipaddr field in realtime is large enough to
handle IPv6 addresses. (Closes issue #18464. Reported,
patched by IgorG)

- Reworking parsing of mwi => lines to resolve a segfault.
Also add a set of unit tests for the function that does
the parsing. (Closes issue #18350. Reported by gbour.
Patched by Marquis)

- When using cdr_pgsql the billsec field was not populated
correctly on unanswered calls. (Closes issue #18406.
Reported by joscas. Patched by tilghman)

- Resolve memory leak in iCalendar and Exchange
calendaring modules. (Closes issue #18521. Reported,
patched by pitel. Tested by cervajs)

- This version of Asterisk includes the new Compiler Flags
option BETTER_BACKTRACES which uses libbfd to search for
better symbol information within both the Asterisk
binary, as well as loaded modules, to assist when using
inline backtraces to track down problems. (Patched by
tilghman)

- Resolve issue where no Music On Hold may be triggered
when using res_timing_dahdi. (Closes issue #18262.
Reported by francesco_r. Patched by cjacobson. Tested by
francesco_r, rfrantik, one47)

- Resolve a memory leak when the Asterisk Manager
Interface is disabled. (Reported internally by kmorgan.
Patched by russellb)

- Reimplemented fax session reservation to reverse the ABI
breakage introduced in r297486. (Reported internally.
Patched by mnicholson)

- Fix regression that changed behavior of queues when
ringing a queue member. (Closes issue #18747, #18733.
Reported by vrban. Patched by qwell.)

- Resolve deadlock involving REFER. (Closes issue #18403.
Reported, tested by jthurman. Patched by jpeeler.)

Additionally, this release has the changes related to security
bulletin AST-2011-002, which can be found at
http://downloads.asterisk.org/pub/security/AST-2011-002.pdf

For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.3

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://downloads.asterisk.org/pub/security/AST-2011-002.pdf
http://downloads.asterisk.org/pub/telephony/asterisk/
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.3
https://bugzilla.redhat.com/show_bug.cgi?id=18091
https://bugzilla.redhat.com/show_bug.cgi?id=18262
https://bugzilla.redhat.com/show_bug.cgi?id=18350
https://bugzilla.redhat.com/show_bug.cgi?id=18403
https://bugzilla.redhat.com/show_bug.cgi?id=18406
https://bugzilla.redhat.com/show_bug.cgi?id=18464
https://bugzilla.redhat.com/show_bug.cgi?id=18521
https://bugzilla.redhat.com/show_bug.cgi?id=18733
https://bugzilla.redhat.com/show_bug.cgi?id=18747
http://www.nessus.org/u?704c4ace

Solution :

Update the affected asterisk package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Fedora Local Security Checks

Nessus Plugin ID: 52561

Bugtraq ID: 46474

CVE ID: CVE-2011-1147
