net-misc/asterisk: 13.19.2 for CVE-2018-7284 & CVE-2018-7286 - repo/sync/gentoo.git - Sync-friendly git mirror of repo/gentoo with caches and metadata

diff options

author	Tony Vroon <chainsaw@gentoo.org>	2018-03-09 16:04:25 +0000
committer	Tony Vroon <chainsaw@gentoo.org>	2018-03-09 16:04:46 +0000
commit	458b342d0d2bbb84666f320612f6a6fc9c061903 (patch)
tree	1aa10e8ae4284e1d662516e2c65b190a31a5ff2f /app-misc/color
parent	sys-devel/clang-runtime: Dekeyword ~arm* due to deps (diff)
download	gentoo-458b342d0d2bbb84666f320612f6a6fc9c061903.tar.gz gentoo-458b342d0d2bbb84666f320612f6a6fc9c061903.tar.bz2 gentoo-458b342d0d2bbb84666f320612f6a6fc9c061903.zip

net-misc/asterisk: 13.19.2 for CVE-2018-7284 & CVE-2018-7286

Both vulnerabilities are in res_pjsip and allow a remote DoS. One through sending a lot of SIP INVITE messages on SIP TCP or SIP-TLS channels and then tearing them down. The other involves a SUBSCRIBE request containing more than 32 Accept headers, which overflows the statically allocated buffer. If you prevent res_pjsip from loading and use the classic chan_sip driver, you may not be vulnerable. However, this upgrade is being pushed out to all. Package-Manager: Portage-2.3.19, Repoman-2.3.6

Diffstat (limited to 'app-misc/color')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: