| Errata ID | 275 |
|---|---|
| Date | 2018-10-17 |
| Source package | asterisk |
| Fixed in version | 1:13.14.1~dfsg-2+deb9u4 |
| Description | This update addresses the following issues: * A Buffer Overflow issue was discovered in Asterisk. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash. (CVE-2018-7284) * res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection. (CVE-2018-7286) * When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints. (CVE-2018-12227) * There is a stack consumption vulnerability in the res_http_websocket.so module. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. (CVE-2018-17281) |
| Additional notes | |
| CVE ID | CVE-2018-7284 CVE-2018-7286 CVE-2018-12227 CVE-2018-17281 |
| UCS Bug number | #48007 |
