| Summary: | <net-misc/asterisk-{11.25.3,13.17.2}: Denial of Service in Asterisk before 14.6.1 (CVE-2017-14098) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | chainsaw |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://downloads.asterisk.org/pub/security/AST-2017-007.html | ||
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=629682 | ||
| Whiteboard: | B3 [glsa cve blocked] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 629682 | ||
| Bug Blocks: | |||
Next time please update the summary vice an ambiguous blocker that requires tracing. Added to an existing GLSA request Gentoo Security Padawan (jmbailey/mbailey_j) This issue was resolved and addressed in GLSA 201710-29 at https://security.gentoo.org/glsa/201710-29 by GLSA coordinator Aaron Bauman (b-man). |
From ${URL}: In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash. Upstream Bug:(http://downloads.asterisk.org/pub/security/AST-2017-007.html) Upstream Patch 2/2: Asterisk 13 - http://downloads.asterisk.org/pub/security/AST-2017-006 Asterisk 14 - http://downloads.asterisk.org/pub/security/AST-2017-006