asterisk: Multiple vulnerabilities (CVE-2017-14098, CVE-2017-14099, CVE-2017-14100)
CVE-2017-14098: Remote Crash Vulerability in res_pjsip
Fixed In Version:
asterisk 13.17.1, asterisk 14.6.1
References:
https://downloads.asterisk.org/pub/security/AST-2017-007.html
CVE-2017-14099: Media takeover in RTP stack
Fixed In Version:
asterisk 13.17.1, asterisk 14.6.1
References:
http://downloads.asterisk.org/pub/security/AST-2017-005.html
CVE-2017-14100: Shell access command injection in app_minivm
Fixed In Version:
asterisk 13.17.1, asterisk 14.6.1
References:
https://downloads.asterisk.org/pub/security/AST-2017-006.html
(from redmine: issue id 7791, created on 2017-09-05, closed on 2017-09-25)
- Relations:
- child #7792 (closed)
- child #7793 (closed)
- child #7794 (closed)
- child #7795 (closed)
- Changesets:
- Revision b5b79ee2 by Timo Teräs on 2017-09-06T13:00:47Z:
main/asterisk: security upgrade to 14.6.1
fixes #7791
AST-2017-005: Media takeover in RTP stack
AST-2017-006: Shell access command injection in app_minivm
AST-2017-007: Remote Crash Vulerability in res_pjsip