From $URL: When decoding UDPTL packets, multiple stack and heap based arrays can be made to overflow by specially crafted packets. Systems doing T.38 pass through or termination are vulnerable. ... Corrected In: Asterisk Open Source 1.4.39.2, 1.6.1.22, 1.6.2.16.2, 1.8.2.4
1.6.2.16.2 & 1.8.2.4 are both in the portage tree, the former stable and the latter masked. Security, please proceed with GLSA vote.
(In reply to comment #1)
> 1.6.2.16.2 & 1.8.2.4 are both in the portage tree, the former stable and the
> latter masked. Security, please proceed with GLSA vote.
> Thanks, Tony.

No vote required. GLSA request filed (with 352059).
CVE-2011-1147 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1147): Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.
This issue was resolved and addressed in GLSA 201110-21 at http://security.gentoo.org/glsa/glsa-201110-21.xml by GLSA coordinator Tim Sammut (underling).