[Bug 1022360] [NEW] (CVE-2012-3812) CVE-2012-3812 asterisk: Remote crash vulnerability in voice mail application (CVE-2012-3863) CVE-2012-3863 asterisk: Possible resource leak on uncompleted re-invite transactions
karma
1022360 at bugs.launchpad.net
Sun Jul 8 19:12:29 UTC 2012
*** This bug is a security vulnerability ***
Public security bug reported:
AST-2012-011
If a single voicemail account is manipulated by two parties
simultaneously, a condition can occur where memory is freed
twice causing a crash.
http://downloads.asterisk.org/pub/security/AST-2012-011.txt
http://downloads.asterisk.org/pub/security/AST-2012-011.pdf
http://downloads.asterisk.org/pub/security/AST-2012-011-1.8.diff
http://downloads.asterisk.org/pub/security/AST-2012-011-10.diff
** Affects: asterisk (Ubuntu)
Importance: Undecided
Status: New
** Affects: asterisk (Debian)
Importance: Unknown
Status: Unknown
** Affects: asterisk (Fedora)
Importance: Unknown
Status: Unknown
** Affects: gentoo
Importance: Unknown
Status: Unknown
** Bug watch added: Red Hat Bugzilla #838179
https://bugzilla.redhat.com/show_bug.cgi?id=838179
** Also affects: asterisk (Fedora) via
https://bugzilla.redhat.com/show_bug.cgi?id=838179
Importance: Unknown
Status: Unknown
** Bug watch added: Gentoo Bugzilla #425050
https://bugs.gentoo.org/show_bug.cgi?id=425050
** Also affects: gentoo via
https://bugs.gentoo.org/show_bug.cgi?id=425050
Importance: Unknown
Status: Unknown
** Summary changed:
- (CVE-2012-3812) CVE-2012-3812 asterisk: Remote crash vulnerability in voice mail application
+ (CVE-2012-3812) CVE-2012-3812 asterisk: Remote crash vulnerability in voice mail application (CVE-2012-3863) CVE-2012-3863 asterisk: Possible resource leak on uncompleted re-invite transactions
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to asterisk in Ubuntu.
https://bugs.launchpad.net/bugs/1022360
Title:
(CVE-2012-3812) CVE-2012-3812 asterisk: Remote crash vulnerability in
voice mail application (CVE-2012-3863) CVE-2012-3863 asterisk:
Possible resource leak on uncompleted re-invite transactions
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1022360/+subscriptions
More information about the Ubuntu-server-bugs
mailing list