Bug 39285 - asterisk: Multiple minor issues (4.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.0
Other Linux
: P3 normal
: UCS 4.1
Assigned To: Stefan Gohmann
Janek Walkenhorst
: interim-2
Reported: 2015-08-28 23:16 CEST by Stefan Gohmann
Modified: 2016-10-05 12:46 CEST

What kind of report is it?: Security Issue


Description Stefan Gohmann univentionstaff 2015-08-28 23:16:19 CEST
These issues are classified as minor issues:

> Remote crash when handling out of call message in certain dialplan
> configurations (CVE-2014-6610)
http://downloads.asterisk.org/pub/security/AST-2014-010.html

> Asterisk Manager User Unauthorized Shell Access (CVE-2014-4046)
http://downloads.asterisk.org/pub/security/AST-2014-006.html

> Permission escalation through ConfBridge actions/dialplan functions
> (CVE-2014-8417)
http://downloads.asterisk.org/pub/security/AST-2014-017.html

> AMI permission escalation through DB dialplan function (CVE-2014-8418)
http://downloads.asterisk.org/pub/security/AST-2014-018.html
Comment 1 Stefan Gohmann univentionstaff 2015-08-29 00:07:39 CEST
asterisk 11.13 from wheezy backports has been built. The security issues have been fixed in the new version.

Changelog: r63335
Comment 2 Janek Walkenhorst univentionstaff 2015-10-16 17:46:09 CEST
Tests (amd64): OK
Issues: Fixed
Changelog: OK
Comment 3 Stefan Gohmann univentionstaff 2015-11-17 12:12:39 CET
UCS 4.1 has been released:
 https://docs.software-univention.de/release-notes-4.1-0-en.html
 https://docs.software-univention.de/release-notes-4.1-0-de.html

If this error occurs again, please use "Clone This Bug".