Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 629692 (CVE-2017-14098)

Summary: <net-misc/asterisk-{11.25.3,13.17.2}: Denial of Service in Asterisk before 14.6.1 (CVE-2017-14098)
Product: Gentoo Security Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: minor CC: chainsaw
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also:
Whiteboard: B3 [glsa cve blocked]
Package list:
Runtime testing required: ---
Bug Depends on: 629682    
Bug Blocks:    

Description D'juan McDonald (domhnall) 2017-09-02 19:34:12 UTC
From ${URL}:

In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.

Upstream Bug:(

Upstream Patch 2/2:
Asterisk 13 -
Asterisk 14 -
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2017-10-19 01:40:55 UTC
Next time please update the summary vice an ambiguous blocker that requires tracing.
Comment 2 D'juan McDonald (domhnall) 2017-10-27 15:33:07 UTC
Added to an existing GLSA request

Gentoo Security Padawan
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2017-10-29 19:15:02 UTC
This issue was resolved and addressed in
 GLSA 201710-29 at
by GLSA coordinator Aaron Bauman (b-man).