Klaus-Peter Junghann discovered that insufficient validation of RTCP packets in Asterisk may result in an information leak. Please see the upstream advisory at http://downloads.asterisk.org/pub/security/AST-2017-008.html for additional details. For the oldstable distribution (jessie), this problem has been fixed in version 1:11.13.1~dfsg-2+deb8u4. For the stable distribution (stretch), this problem has been fixed in version 1:13.14.1~dfsg-2+deb9u2. We recommend that you upgrade your asterisk packages.
Klaus-Peter Junghann discovered that insufficient validation of RTCP packets in Asterisk may result in an information leak. Please see the upstream advisory at http://downloads.asterisk.org/pub/security/AST-2017-008.html for additional details.
For the oldstable distribution (jessie), this problem has been fixed in version 1:11.13.1~dfsg-2+deb8u4.
For the stable distribution (stretch), this problem has been fixed in version 1:13.14.1~dfsg-2+deb9u2.
We recommend that you upgrade your asterisk packages.