| Summary: | net-misc/asterisk Integer signedness error (CVE-2006-1827) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | rajiv, stkn |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1827 | | |
| Whiteboard: | C2? [noglsa] jaervosz | | |
| Package list: | | Runtime testing required: | --- |

Description
Sune Kloppenborg Jeppesen (RETIRED)
2006-04-24 06:56:14 UTC
It appears that all previous versions are affected. Please advise and patch as necessary.

The last hunk of the patch is all we should need if we are backporting.

Affected asterisk-1.2.x have been dropped, all asterisk-1.0.x ebuilds have been revision bumped, the following versions need to be marked stable:

sparc: 1.0.10-r2 1.0.8-r3
x86: 1.0.8-r3 1.0.7-r4

Thx Stefan. Could you advise on how this is exploitable? x86 and sparc please test and mark stable.

rajiv: you normally handle asterisk for x86, could you please test those for us? :) or Stefan. None of us have a setup with which to test it, so I'm more comfortable having one of you two do it.

sparc stable. I can't really test the functionality, but everything compiles and starts up fine, and all of the binaries seem to do what they are told :)

Stable on x86

According to stkn this is only exploitable for channels that support images (IAX2). Furthermore the picture has to be explicitly opened. So I guess we should have a vote?

Don't know... I would tend to vote no.

I tend to say NO, too.

Picture has to be opened so rerating.

I tend to vote yes, unless convinced that it really needs a PEBKAC to work.

Debian just released an advisory on this issue along with CVE-2005-3559.

After discussing it with jaervosz, I vote NO

No GLSA then