Information on source package asterisk

Available versions

ReleaseVersion
jessie (security)1:11.13.1~dfsg-2+deb8u5
stretch (security)1:13.14.1~dfsg-2+deb9u3
buster1:13.22.0~dfsg-2
sid1:13.22.0~dfsg-2

Open issues

BugjessiestretchbustersidDescription
CVE-2018-7286fixedvulnerablefixedfixedAn issue was discovered in Asterisk through 13.19.1, 14.x through ...
CVE-2018-7284fixedvulnerablefixedfixedA Buffer Overflow issue was discovered in Asterisk through 13.19.1, ...
CVE-2018-12227fixedvulnerablefixedfixedAn issue was discovered in Asterisk Open Source 13.x before 13.21.1, ...

Resolved issues

BugDescription
TEMP-0000000-964ED9AST-2016-005
CVE-2018-7287An issue was discovered in res_http_websocket.c in Asterisk 15.x ...
CVE-2018-7285A NULL pointer access issue was discovered in Asterisk 15.x through ...
CVE-2018-12228An issue was discovered in Asterisk Open Source 15.x before 15.4.1. ...
CVE-2017-9358A memory exhaustion vulnerability exists in Asterisk Open Source 13.x ...
CVE-2017-7617Remote code execution can occur in Asterisk Open Source 13.x before ...
CVE-2017-17850An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and ...
CVE-2017-17664A Remote Crash issue was discovered in Asterisk Open Source 13.x before ...
CVE-2017-17090An issue was discovered in chan_skinny.c in Asterisk Open Source ...
CVE-2017-16672An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 ...
CVE-2017-16671A Buffer Overflow issue was discovered in Asterisk Open Source 13 ...
CVE-2017-14603In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before ...
CVE-2017-14100In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before ...
CVE-2017-14099In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before ...
CVE-2017-14098In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 ...
CVE-2016-9938An issue was discovered in Asterisk Open Source 11.x before 11.25.1, ...
CVE-2016-9937An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x ...
CVE-2016-7551chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 ...
CVE-2016-7550AST-2016-006
CVE-2016-2316chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and ...
CVE-2016-2232Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before ...
CVE-2015-3008Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x ...
CVE-2015-1558Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when ...
CVE-2014-9374Double free vulnerability in the WebSocket Server (res_http_websocket ...
CVE-2014-8418The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, ...
CVE-2014-8417ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and ...
CVE-2014-8416Use-after-free vulnerability in the PJSIP channel driver in Asterisk ...
CVE-2014-8415Race condition in the chan_pjsip channel driver in Asterisk Open ...
CVE-2014-8414ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 ...
CVE-2014-8413The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 ...
CVE-2014-8412The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager ...
CVE-2014-6610Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and ...
CVE-2014-6609The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 ...
CVE-2014-4048The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows ...
CVE-2014-4047Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and ...
CVE-2014-4046Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and ...
CVE-2014-4045The Publish/Subscribe Framework in the PJSIP channel driver in ...
CVE-2014-2289res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk ...
CVE-2014-2288The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, ...
CVE-2014-2287channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, ...
CVE-2014-2286main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x ...
CVE-2013-7100Buffer overflow in the unpacksms16 function in apps/app_sms.c in ...
CVE-2013-5642The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source ...
CVE-2013-5641The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source ...
CVE-2013-2686main/http.c in the HTTP server in Asterisk Open Source 1.8.x before ...
CVE-2013-2685Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk ...
CVE-2013-2264The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, ...
CVE-2012-5977Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and ...
CVE-2012-5976Multiple stack consumption vulnerabilities in Asterisk Open Source ...
CVE-2012-4737channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and ...
CVE-2012-3863channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and ...
CVE-2012-3812Double free vulnerability in apps/app_voicemail.c in Asterisk Open ...
CVE-2012-3553chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open ...
CVE-2012-2948chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified ...
CVE-2012-2947chan_iax2.c in the IAX2 channel driver in Certified Asterisk ...
CVE-2012-2416chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x ...
CVE-2012-2415Heap-based buffer overflow in chan_skinny.c in the Skinny channel ...
CVE-2012-2414main/manager.c in the Manager Interface in Asterisk Open Source ...
CVE-2012-2186Incomplete blacklist vulnerability in main/manager.c in Asterisk Open ...
CVE-2012-1184Stack-based buffer overflow in the ast_parse_digest function in ...
CVE-2012-1183Stack-based buffer overflow in the milliwatt_generate function in the ...
CVE-2012-0885chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x ...
CVE-2011-4598The handle_request_info function in channels/chan_sip.c in Asterisk ...
CVE-2011-4597The SIP over UDP implementation in Asterisk Open Source 1.4.x before ...
CVE-2011-4063chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x ...
CVE-2011-3389The SSL protocol, as used in certain configurations in Microsoft ...
CVE-2011-2666The default configuration of the SIP channel driver in Asterisk Open ...
CVE-2011-2665reqresp_parser.c in the SIP channel driver in Asterisk Open Source ...
CVE-2011-2536chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x ...
CVE-2011-2535chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x ...
CVE-2011-2529chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x ...
CVE-2011-2216reqresp_parser.c in the SIP channel driver in Asterisk Open Source ...
CVE-2011-1599manager.c in the Manager Interface in Asterisk Open Source 1.4.x ...
CVE-2011-1507Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, ...
CVE-2011-1175tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before ...
CVE-2011-1174manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x ...
CVE-2011-1147Multiple stack-based and heap-based buffer overflows in the (1) ...
CVE-2011-0495Stack-based buffer overflow in the ast_uri_encode function in ...
CVE-2010-1224main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x ...
CVE-2010-0685The design of the dialplan functionality in Asterisk Open Source ...
CVE-2010-0441Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, ...
CVE-2009-4055rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before ...
CVE-2009-3727Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, ...
CVE-2009-3723Unauthorized calls allowed on prohibited networks in asterisk
CVE-2009-2726The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, ...
CVE-2009-2651main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote ...
CVE-2009-2346The IAX2 protocol implementation in Asterisk Open Source 1.2.x before ...
CVE-2009-0871The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and ...
CVE-2009-0041IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before ...
CVE-2008-7220Unspecified vulnerability in Prototype JavaScript framework ...
CVE-2008-5558Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition ...
CVE-2008-3903Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and ...
CVE-2008-3264The FWDOWNL firmware-download implementation in Asterisk Open Source ...
CVE-2008-3263The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x ...
CVE-2008-2119Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business ...
CVE-2008-1923The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision ...
CVE-2008-1897The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, ...
CVE-2008-1390The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before ...
CVE-2008-1333Format string vulnerability in Asterisk Open Source 1.6.x before ...
CVE-2008-1332Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, ...
CVE-2008-1289Multiple buffer overflows in Asterisk Open Source 1.4.x before ...
CVE-2008-0095The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, ...
CVE-2007-6430Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and ...
CVE-2007-6171SQL injection vulnerability in the Postgres Realtime Engine ...
CVE-2007-6170SQL injection vulnerability in the Call Detail Record Postgres logging ...
CVE-2007-5358Multiple buffer overflows in the voicemail functionality in Asterisk ...
CVE-2007-4521Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an ...
CVE-2007-4455The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before ...
CVE-2007-4280The Skinny channel driver (chan_skinny) in Asterisk Open Source before ...
CVE-2007-4103The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before ...
CVE-2007-3765The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW ...
CVE-2007-3764The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and ...
CVE-2007-3763The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and ...
CVE-2007-3762Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in ...
CVE-2007-2488The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does ...
CVE-2007-2383The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ...
CVE-2007-2297The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x ...
CVE-2007-2294The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 ...
CVE-2007-2293Multiple stack-based buffer overflows in the process_sdp function in ...
CVE-2007-1595The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk ...
CVE-2007-1561The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 ...
CVE-2007-1306Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote ...
CVE-2006-5445Unspecified vulnerability in the SIP channel driver ...
CVE-2006-5444Integer overflow in the get_input function in the Skinny channel ...
CVE-2006-4346Asterisk 1.2.10 supports the use of client-controlled variables to ...
CVE-2006-4345Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in ...
CVE-2006-2898The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 ...
CVE-2006-1827Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and ...
CVE-2005-3559Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 ...
CVE-2005-2081Stack-based buffer overflow in the function that parses commands in ...
CVE-2003-0779SQL injection vulnerability in the Call Detail Record (CDR) logging ...
CVE-2003-0761Buffer overflow in the get_msg_text of chan_sip.c in the Session ...

Security announcements

DSA / DLADescription
DSA-4076-1asterisk - security update
DSA-4076-1asterisk - security update
DLA-1225-1asterisk - security update
DLA-1122-1asterisk - security update
DSA-3990-1asterisk - security update
DSA-3990-1asterisk - security update
DSA-3964-1asterisk - security update
DSA-3964-1asterisk - security update
DLA-781-2asterisk - regression update
DLA-781-1asterisk - security update
DSA-3700-1asterisk - security update
DLA-455-1asterisk - security update
DSA-2835-1asterisk - buffer overflow
DSA-2835-1asterisk - buffer overflow
DSA-2749-1asterisk - several
DSA-2749-1asterisk - several
DSA-2605-1asterisk - several issues
DSA-2550-1asterisk - several
DSA-2493-1asterisk - denial of service
DSA-2460-1asterisk - several
DSA-2367-1asterisk - several
DSA-2367-1asterisk - several
DSA-2276-2asterisk - multiple issues
DSA-2276-2asterisk - multiple issues
DSA-2276-1asterisk - multiple issues
DSA-2276-1asterisk - multiple issues
DSA-2225-1asterisk - several
DSA-2225-1asterisk - several
DSA-2171-1asterisk - buffer overflow
DSA-2171-1asterisk - buffer overflow
DSA-1952-1asterisk - several vulnerabilities
DSA-1563-1asterisk - denial of service
DSA-1525-1asterisk
DSA-1417-1asterisk - SQL injection
DSA-1417-1asterisk - SQL injection
DSA-1358-1asterisk
DSA-1358-1asterisk
DSA-1229-1asterisk
DSA-1126asterisk - several
DSA-1048-1asterisk - several vulnerabilities
DSA-1048-1asterisk - several vulnerabilities

Search for package or bug name: Reporting problems