[3.3] asterisk: Multiple vulnerabilities (CVE-2017-14099, CVE-2017-14100)
CVE-2017-14099: Media takeover in RTP stack
Fixed In Version:
asterisk 13.17.1, asterisk 14.6.1
References:
http://downloads.asterisk.org/pub/security/AST-2017-005.html
CVE-2017-14100: Shell access command injection in app_minivm
Fixed In Version:
asterisk 13.17.1, asterisk 14.6.1
References:
https://downloads.asterisk.org/pub/security/AST-2017-006.html
(from redmine: issue id 7795, created on 2017-09-05, closed on 2017-09-25)
- Relations:
- parent #7791 (closed)
- Changesets:
- Revision 242bd51a by Timo Teräs on 2017-09-25T08:26:46Z:
main/asterisk: security upgrade to 13.17.2
fixes #7795
AST-2017-005 (CVE-2017-14099): Media takeover in RTP stack
AST-2017-006 (CVE-2017-14100): Shell access command injection in app_minivm
AST-2017-008 (CVE-2017-14603): RTP/RTCP information leak
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information