Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 629692 (CVE-2017-14098)

Summary: <net-misc/asterisk-{11.25.3,13.17.2}: Denial of Service in Asterisk before 14.6.1 (CVE-2017-14098)
Product: Gentoo Security Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: chainsaw
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://downloads.asterisk.org/pub/security/AST-2017-007.html
See Also: https://bugs.gentoo.org/show_bug.cgi?id=629682
Whiteboard: B3 [glsa cve blocked]
Package list:
Runtime testing required: ---
Bug Depends on: 629682    
Bug Blocks:    

Description D'juan McDonald (domhnall) 2017-09-02 19:34:12 UTC
From ${URL}:

In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.

Upstream Bug:(http://downloads.asterisk.org/pub/security/AST-2017-007.html)

Upstream Patch 2/2:
Asterisk 13 - http://downloads.asterisk.org/pub/security/AST-2017-006
Asterisk 14 - http://downloads.asterisk.org/pub/security/AST-2017-006
Comment 1 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2017-10-19 01:40:55 UTC
Next time please update the summary vice an ambiguous blocker that requires tracing.
Comment 2 D'juan McDonald (domhnall) 2017-10-27 15:33:07 UTC
Added to an existing GLSA request

Gentoo Security Padawan
(jmbailey/mbailey_j)
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2017-10-29 19:15:02 UTC
This issue was resolved and addressed in
 GLSA 201710-29 at https://security.gentoo.org/glsa/201710-29
by GLSA coordinator Aaron Bauman (b-man).