Debian Security Advisory 5438-1 ≈ Packet Storm

Home ^[1] Files ^[2] News ^[3] &[SERVICES_TAB] Contact ^[4] Add New ^[5]

Debian Security Advisory 5438-1^[6]: Authored by Debian ^[7] | Site debian.org ^[8]; Debian Linux Security Advisory 5438-1 - A flaw was found in Asterisk, an Open Source Private Branch Exchange. A buffer overflow vulnerability affects users that use PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record parse_query(), while the issue in CVE-2022-24793 is in parse_rr(). A workaround is to disable DNS resolution in PJSIP config (by setting nameserver_count to zero) or use an external resolver implementation instead.; systems | linux ^[9], debian ^[10]; advisories | CVE-2023-27585 ^[11]; SHA-256 | 36f72d3d649edb95df059fb18d510eb21ac8c037e62356c078f3a169cddb0f4c; Download ^[12] | Favorite ^[13] | View ^[14]

        -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5438-1                   Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.
https://www.debian.org/security/                          Markus Koschany
June 22, 2023                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package        : asterisk
CVE ID         : CVE-2023-27585
Debian Bug     : 1036697
A flaw was found in Asterisk, an Open Source Private Branch Exchange. A
buffer overflow vulnerability affects users that use PJSIP DNS resolver.
This vulnerability is related to CVE-2022-24793. The difference is that
this issue is in parsing the query record `parse_query()`, while the issue
in CVE-2022-24793 is in `parse_rr()`. A workaround is to disable DNS
resolution in PJSIP config (by setting `nameserver_count` to zero) or use
an external resolver implementation instead.
For the oldstable distribution (bullseye), this problem has been fixed
in version 1:16.28.0~dfsg-0+deb11u3.
We recommend that you upgrade your asterisk packages.
For the detailed security status of asterisk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/asterisk
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmSUwnRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRsCxAAuFfItEe6Gyu5VcJqSzHQpy+kfbBD1F6msFf7GnNzx4WiJssF5b4eVC4h
Im6N4tW6S3YfoymUC4chFy9ifeH10HMruAlWik+h4v/TLEaeBps4UF6JmUkF8ra4
ML3NT+vkdaLlFF7jtcDyTZXc0Vhy2wQ51EABX8bd7vUp39UObhZZw6+wJjrT6tCc
P7wwMEOkoUCrg3llX/yvtpHqJiYo6yLrtEaoPpLvl2up6cx9FRvuK7E1B2hhPu0H
oULxjphtz3Xmccw5kViC7zIo588GXCqIQW0/t6Uh0pYT1aWpWAfViMlpOtZx+Pff
pvFJy8Vizyp3MQ3yVZSOMrz68uOenXUkh9BbrdMw8AHbZgk/j8mKFbQhGJNfB209
8BcmibGF3fPr0g6Ux6dGXlWUF1fMeuChmo5dylZhxmI4/M6wd5sqpHv4+RiEOM4X
lROdlRQVToHIBGbwGvFAD7hiv6/wjmOXuY1NafqzCTyX1awMgKcQPqjPrUo1ugWy
IQayIG2RhSKC/x8fUn1fr5+kA/KjvjH7pLtlvr2MWhOWV5ryUtuXdqGp5YWGZV5D
2gA2sGeeGJgmAZfnzW6iY7/EZcLTnF1uWHGEk5cN/FQIObpqTqmSU2KOYWWmUOOV
LAbko9P1aLCUNjj1WOzOMy29nbGBINnQquyW2DkhoaTYW6jjmPc=
=SDbp
-----END PGP SIGNATURE-----