oss-sec mailing list archives

Re: CVE request for Asterisk flaws

From: Josh Bressers <bressers () redhat com>
Date: Mon, 21 Mar 2011 16:19:49 -0400 (EDT)

I found some html copies of those (I don't like pdfs for such purposes).

----- Original Message -----

Two flaws were fixed in Asterisk:

AST-2011-003:
http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
- resource exhaustion DoS in Asterisk Manager Interface


http://downloads.asterisk.org/pub/security/AST-2011-003.html

Use CVE-2011-1174


AST-2011-004:
http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
- DoS in TCP/TLS server due to NULL ptr deref


http://downloads.asterisk.org/pub/security/AST-2011-004.html

Use CVE-2011-1175

Thanks.

-- 
    JB

Current thread:

CVE request for Asterisk flaws Vincent Danen (Mar 17)
- Re: CVE request for Asterisk flaws Josh Bressers (Mar 21)