[Bug 1022360] [NEW] (CVE-2012-3812) CVE-2012-3812 asterisk: Remote crash vulnerability in voice mail application (CVE-2012-3863) CVE-2012-3863 asterisk: Possible resource leak on uncompleted re-invite transactions

karma 1022360 at bugs.launchpad.net
Sun Jul 8 19:12:29 UTC 2012 

*** This bug is a security vulnerability ***

Public security bug reported:

AST-2012-011

If a single voicemail account is manipulated by two parties  
simultaneously, a condition can occur where memory is freed  
twice causing a crash.

http://downloads.asterisk.org/pub/security/AST-2012-011.txt
http://downloads.asterisk.org/pub/security/AST-2012-011.pdf
http://downloads.asterisk.org/pub/security/AST-2012-011-1.8.diff
http://downloads.asterisk.org/pub/security/AST-2012-011-10.diff

** Affects: asterisk (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: asterisk (Debian)
     Importance: Unknown
         Status: Unknown

** Affects: asterisk (Fedora)
     Importance: Unknown
         Status: Unknown

** Affects: gentoo
     Importance: Unknown
         Status: Unknown

** Bug watch added: Red Hat Bugzilla #838179
   https://bugzilla.redhat.com/show_bug.cgi?id=838179

** Also affects: asterisk (Fedora) via
   https://bugzilla.redhat.com/show_bug.cgi?id=838179
   Importance: Unknown
       Status: Unknown

** Bug watch added: Gentoo Bugzilla #425050
   https://bugs.gentoo.org/show_bug.cgi?id=425050

** Also affects: gentoo via
   https://bugs.gentoo.org/show_bug.cgi?id=425050
   Importance: Unknown
       Status: Unknown

** Summary changed:

- (CVE-2012-3812) CVE-2012-3812 asterisk: Remote crash vulnerability in voice mail application
+ (CVE-2012-3812) CVE-2012-3812 asterisk: Remote crash vulnerability in voice mail application (CVE-2012-3863) CVE-2012-3863 asterisk: Possible resource leak on uncompleted re-invite transactions

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to asterisk in Ubuntu.
https://bugs.launchpad.net/bugs/1022360

Title:
  (CVE-2012-3812) CVE-2012-3812 asterisk: Remote crash vulnerability in
  voice mail application (CVE-2012-3863) CVE-2012-3863 asterisk:
  Possible resource leak on uncompleted re-invite transactions

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1022360/+subscriptions

More information about the Ubuntu-server-bugs mailing list