[Frugalware-security] [ FSA-458 ] asterisk

[Miklos Vajna]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-458

Date: 2008-05-26
Package: asterisk
Vulnerable versions: <= 1.4.17-1
Unaffected versions: >= 1.4.19.2-1kalgan1
Related bugreport: http://bugs.frugalware.org/task/3077
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1897
			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1923

Description
===========

A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to improper verification of ACK responses during IAX2 handshakes, which can be exploited to spoof an IAX2 handshake and cause a DoS via high bandwidth usage.

Updated Packages
================

Check if you have asterisk installed:

	# pacman-g2 -Q asterisk

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy asterisk

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/458

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkg6yHAACgkQZ7NElSD1VhkYjwCcDaq8eS1viYOcrIY1mRcZE3kR
LjwAoKIMZpsKAzUdhrp7wQKSTgYVwsnq
=BZni
-----END PGP SIGNATURE-----