Bug 629692 (CVE-2017-14098) - <net-misc/asterisk-{11.25.3,13.17.2}: Denial of Service in Asterisk before 14.6.1 (CVE-2017-14098)
Summary: <net-misc/asterisk-{11.25.3,13.17.2}: Denial of Service in Asterisk before 14...
Status: RESOLVED FIXED
Alias: CVE-2017-14098
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://downloads.asterisk.org/pub/sec...
Whiteboard: B3 [glsa cve blocked]
Keywords:
Depends on: CVE-2017-14099, CVE-2017-14100
Blocks:
Reported: 2017-09-02 19:34 UTC by D'juan McDonald (domhnall)
Modified: 2017-10-29 19:15 UTC

See Also:
Package list:
Runtime testing required: ---


Description D'juan McDonald (domhnall) 2017-09-02 19:34:12 UTC
From ${URL}:

In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.

Upstream Bug: http://downloads.asterisk.org/pub/security/AST-2017-007.html

Upstream Patch 2/2:
Asterisk 13 - http://downloads.asterisk.org/pub/security/AST-2017-006
Asterisk 14 - http://downloads.asterisk.org/pub/security/AST-2017-006
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2017-10-19 01:40:55 UTC
Next time please update the summary vice an ambiguous blocker that requires tracing.
Comment 2 D'juan McDonald (domhnall) 2017-10-27 15:33:07 UTC
Added to an existing GLSA request

Gentoo Security Padawan
(jmbailey/mbailey_j)
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2017-10-29 19:15:02 UTC
This issue was resolved and addressed in
 GLSA 201710-29 at https://security.gentoo.org/glsa/201710-29
by GLSA coordinator Aaron Bauman (b-man).