[3.6] asterisk: Multiple vulnerabilities (CVE-2017-14098, CVE-2017-14099, CVE-2017-14100)
CVE-2017-14098: Remote Crash Vulerability in res_pjsip
Fixed In Version:
asterisk 13.17.1, asterisk 14.6.1
References:
https://downloads.asterisk.org/pub/security/AST-2017-007.html
CVE-2017-14099: Media takeover in RTP stack
Fixed In Version:
asterisk 13.17.1, asterisk 14.6.1
References:
http://downloads.asterisk.org/pub/security/AST-2017-005.html
CVE-2017-14100: Shell access command injection in app_minivm
Fixed In Version:
asterisk 13.17.1, asterisk 14.6.1
References:
https://downloads.asterisk.org/pub/security/AST-2017-006.html
(from redmine: issue id 7792, created on 2017-09-05, closed on 2017-09-25)
- Relations:
- parent #7791 (closed)
- Changesets:
- Revision 57a88ee6 by Timo Teräs on 2017-09-06T07:26:06Z:
main/asterisk: security upgrade to 14.6.1
fixes #7792
AST-2017-005: Media takeover in RTP stack
AST-2017-006: Shell access command injection in app_minivm
AST-2017-007: Remote Crash Vulerability in res_pjsip