stable

asterisk-1.8.15.1-1.el6

FEDORA-EPEL-2012-12823 created by jcollie 12 years ago for Fedora EPEL 6

The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are released as versions 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones.

These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones resolve the following two issues:

  • A permission escalation vulnerability in Asterisk Manager Interface. This would potentially allow remote authenticated users the ability to execute commands on the system shell with the privileges of the user running the Asterisk application. Please note that the README-SERIOUSLY.bestpractices.txt file delivered with Asterisk has been updated due to this and other related vulnerabilities fixed in previous versions of Asterisk.

  • When an IAX2 call is made using the credentials of a peer defined in a dynamic Asterisk Realtime Architecture (ARA) backend, the ACL rules for that peer are not applied to the call attempt. This allows for a remote attacker who is aware of a peer's credentials to bypass the ACL rules set for that peer.

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities, please read security advisories AST-2012-012 and AST-2012-013, which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert7 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.15.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.7.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.7.1-digiumphones

The security advisories are available at:

This update has been submitted for testing by jcollie.

12 years ago

This update is currently being pushed to the Fedora EPEL 6 testing updates repository.

12 years ago

This update has been pushed to testing

12 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

12 years ago

This update has been submitted for stable by jcollie.

12 years ago

This update is currently being pushed to the Fedora EPEL 6 stable updates repository.

12 years ago

This update has been pushed to stable

12 years ago

Please log in to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
12 years ago
in testing
12 years ago
in stable
12 years ago
Builds
1
asterisk-1.8.15.1-1.el6
BZ#853541 CVE-2012-2186 Asterisk: Asterisk Manager User Unauthorized Shell Access
0
0
asterisk-1.8.15.1-1.el6

Automated Test Results

Copyright © 2007-2025 Red Hat, Inc. and others.

Running bodhi-server 25.5.1 on bodhi-web-181-phpnd.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy