[3.4] asterisk: Multiple vulnerabilities (CVE-2017-14099, CVE-2017-14100)
CVE-2017-14099: Media takeover in RTP stack
Fixed In Version:
asterisk 13.17.1, asterisk 14.6.1
References:
http://downloads.asterisk.org/pub/security/AST-2017-005.html
CVE-2017-14100: Shell access command injection in app_minivm
Fixed In Version:
asterisk 13.17.1, asterisk 14.6.1
References:
https://downloads.asterisk.org/pub/security/AST-2017-006.html
(from redmine: issue id 7794, created on 2017-09-05, closed on 2017-09-25)
- Relations:
- parent #7791 (closed)
- Changesets:
- Revision b6db4bdb by Timo Teräs on 2017-09-25T08:22:30Z:
main/asterisk: security upgrade to 13.17.2
fixes #7794
AST-2017-005 (CVE-2017-14099): Media takeover in RTP stack
AST-2017-006 (CVE-2017-14100): Shell access command injection in app_minivm
AST-2017-008 (CVE-2017-14603): RTP/RTCP information leak