Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2007-1306: Mu Security discovered that a NULL pointer dereference in the SIP implementation could lead to denial of service.
CVE-2007-1561: Inria Lorraine discovered that a programming error in the SIP implementation could lead to denial of service.
CVE-2007-2294: It was discovered that a NULL pointer dereference in the manager interface could lead to denial of service.
CVE-2007-2297: It was discovered that a programming error in the SIP implementation could lead to denial of service.
CVE-2007-2488: Tim Panton and Birgit Arkestein discovered that a programming error in the IAX2 implementation could lead to information disclosure.
CVE-2007-3762: Russell Bryant discovered that a buffer overflow in the IAX implementation could lead to the execution of arbitrary code.
CVE-2007-3763: Chris Clark and Zane Lackey discovered that several NULL pointer dereferences in the IAX2 implementation could lead to denial of service.
CVE-2007-3764: Will Drewry discovered that a programming error in the Skinny implementation could lead to denial of service.
For the oldstable distribution (sarge) these problems have been fixed in version 1.0.7.dfsg.1-2sarge5.
For the stable distribution (etch) these problems have been fixed in version 1:1.2.13~dfsg-2etch4.
For the unstable distribution (sid) these problems have been fixed in version 1:1.4.11~dfsg-1.
We recommend that you upgrade your Asterisk packages.
MD5 checksums of the listed files are available in the original advisory.