GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sun Dec 28, 2014 7:26 pm Post subject: [ GLSA 201412-51 ] Asterisk |
|
|
Gentoo Linux Security Advisory
Title: Asterisk: Multiple vulnerabilities (GLSA 201412-51)
Severity: normal
Exploitable: remote
Date: December 28, 2014
Bug(s): #530056, #532242
ID: 201412-51
Synopsis
Multiple vulnerabilities have been found in Asterisk, the worst of
which could lead to Denial of Service, bypass intended ACL restrictions or
allow an authenticated user to gain escalated privileges.
Background
Asterisk is an open source telephony engine and toolkit.
Affected Packages
Package: net-misc/asterisk
Vulnerable: < 11.14.2
Unaffected: >= 11.14.2
Architectures: All supported architectures
Description
Multiple unspecified vulnerabilities have been discovered in Asterisk.
Please review the CVE identifiers referenced below for details.
Impact
Unauthenticated remote attackers can cause Denial of Service or bypass
intended ACL restrictions. Authenticated remote attackers can gain
escalated privileges.
Workaround
There is no known workaround at this time.
Resolution
All asterisk users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/asterisk-11.14.2"
|
References
CVE-2014-8412
CVE-2014-8414
CVE-2014-8417
CVE-2014-8418
CVE-2014-9374
Last edited by GLSA on Thu Jun 18, 2015 4:16 am; edited 1 time in total |
|