Bug 665469 - VUL-0: Asterisk: Stack-based buffer overflow
VUL-0: Asterisk: Stack-based buffer overflow
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
unspecified
Other Other
: P5 - None : Normal
: ---
Assigned To: Reinhard Max
E-mail List
.
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-01-19 11:29 UTC by Sebastian Krahmer
Modified: 2011-01-19 14:22 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2011-01-19 11:29:46 UTC
From: Jan Lieskovsky
To: oss-security


Hi Josh, Steve, vendors,

  Asterisk upstream yesterday released AST-2011-001, also with patches for
  supported versions.
  References:
  [1] http://downloads.asterisk.org/pub/security/AST-2011-001.html
  [2] http://seclists.org/fulldisclosure/2011/Jan/297
  [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610487
  [4] https://bugzilla.redhat.com/show_bug.cgi?id=670777

Could you allocate CVE id for this?
Comment 1 Sebastian Krahmer 2011-01-19 13:27:23 UTC
CVE-2011-0495
Comment 2 Swamp Workflow Management 2011-01-19 13:45:12 UTC
The SWAMPID for this issue is 38307.
This issue was rated as moderate.
Please submit fixed packages until 2011-02-02.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 3 Reinhard Max 2011-01-19 13:51:41 UTC
We haven't shipped asterisk with openSUSE since 10.1.