GLSA-201406-25 : Asterisk: Multiple vulnerabilities
Medium Nessus Plugin ID 76227
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201406-25 (Asterisk: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers below for details.
A remote attacker that gains access to a privileged Asterisk account can execute arbitrary system shell commands. Furthermore an unprivileged remote attacker could cause a Denial of Service condition.
There is no known workaround at this time.
SolutionAll Asterisk 11 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/asterisk-11.10.2' All Asterisk 1.8 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/asterisk-220.127.116.11'