-------------------------------------------------------------------------
Debian LTS Advisory DLA-3696-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
December 28, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : asterisk
Version        : 1:16.28.0~dfsg-0+deb10u4
CVE ID         : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786
Debian Bug     : 1059303 1059032 1059033

Multiple security vulnerabilities have been discovered in Asterisk, an Open
Source Private Branch Exchange.

CVE-2023-37457

    The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
    the available buffer space when storing the new value of a header, which can
    overwrite memory or cause a crash. This is not externally exploitable unless
    the dialplan is explicitly written to update a header with data from an
    outside source (for example, a value read from an incoming request). If the
    'update' functionality is not used, the vulnerability does not occur.

CVE-2023-38703

    PJSIP is a free and open source multimedia communication library written in
    C with a high-level API in C, C++, Java, C#, and Python. SRTP is a
    higher-level media transport stacked on a lower-level media transport such
    as UDP or ICE. A higher-level transport is not synchronized with its
    lower-level transport, which may introduce a use-after-free. This
    vulnerability affects applications that have SRTP capability
    (`PJMEDIA_HAS_SRTP` is set) and use an underlying media transport other
    than UDP. Its impact may range from unexpected application termination to
    memory corruption and control-flow hijack.

CVE-2023-49294

    It is possible to read any arbitrary file on the host, even when the
    `live_dangerously` option in asterisk.conf is not enabled. That option is
    meant to stop 'dangerous' dialplan functions and configuration directives
    from being driven by external sources such as AMI, so leaving it disabled
    does not mitigate this issue.

CVE-2023-49786

    Asterisk is susceptible to a DoS due to a race condition in the hello
    handshake phase of the DTLS protocol when handling DTLS-SRTP for media
    setup. This attack can be done continuously, thus denying new DTLS-SRTP
    encrypted calls during the attack. Abuse of this vulnerability may lead to
    a massive Denial of Service on vulnerable Asterisk servers for calls that
    rely on DTLS-SRTP.

For Debian 10 buster, these problems have been fixed in version
1:16.28.0~dfsg-0+deb10u4.

We recommend that you upgrade your asterisk packages.

For the detailed security status of asterisk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/asterisk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
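Two checks an operator of a buster Asterisk host will want after reading this advisory: whether the installed package is older than the fixed version 1:16.28.0~dfsg-0+deb10u4, and whether the dialplan uses the PJSIP_HEADER 'update' pattern that makes CVE-2023-37457 reachable from outside. The script below is an added example, not part of the advisory or of the Debian or Asterisk code. The version comparison is a port of the ordering rules dpkg --compare-versions applies (epoch, then upstream, then revision; '~' sorts before anything, digit runs compare numerically). The dialplan scan is a heuristic: it flags every PJSIP_HEADER(update,...) whose new value is a ${...} expression rather than a literal, and the operator must still judge whether that expression carries data from an outside source. The extensions.conf excerpt is constructed for the example; the optional live check assumes dpkg-query is present.

```python
import re
import subprocess

# Fixed version named in DLA-3696-1 for Debian 10 "buster".
FIXED_VERSION = "1:16.28.0~dfsg-0+deb10u4"
DIGITS = "0123456789"


def _order(c):
    """Weight of one non-digit character in dpkg's ordering: '~' sorts before
    everything (even end of string), letters by ASCII, other symbols last."""
    if c in DIGITS:
        return 0
    if c.isascii() and c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256 if c else 0


def _verrevcmp(a, b):
    """Compare two upstream-or-revision strings the way dpkg's verrevcmp() does:
    alternate runs of non-digits (by _order) and digits (numerically)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":      # leading zeros are insignificant
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i] in DIGITS and j < len(b) and b[j] in DIGITS:
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i] in DIGITS:      # longer digit run wins
            return 1
        if j < len(b) and b[j] in DIGITS:
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version):
    """Split [epoch:]upstream[-revision] into (int epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def dpkg_compare(a, b):
    """Return <0, 0 or >0, like dpkg --compare-versions lt/eq/gt."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return ea - eb
    return _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def needs_update(installed, fixed=FIXED_VERSION):
    return dpkg_compare(installed, fixed) < 0


def installed_version(package="asterisk"):
    """Installed version according to dpkg, or None if absent / no dpkg."""
    try:
        out = subprocess.run(["dpkg-query", "-W", "-f=${Version}", package],
                             capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return None
    return out.strip() or None


# CVE-2023-37457 heuristic: a PJSIP_HEADER(update,<name>)=<value> assignment
# whose value contains a ${...} expression instead of a literal string.
UPDATE_RE = re.compile(r"PJSIP_HEADER\(\s*update\s*,\s*([^)]*)\)\s*=\s*(.*)", re.IGNORECASE)

# Constructed extensions.conf excerpt for the example (not a real deployment).
SAMPLE_DIALPLAN = """\
[from-trunk]
; constructed sample
exten => _X.,1,NoOp(inbound ${CALLERID(num)})
 same => n,Set(PJSIP_HEADER(update,X-Tenant)=acme)
 same => n,Set(PJSIP_HEADER(update,X-Orig-Caller)=${CALLERID(num)})
 same => n,Set(PJSIP_HEADER(add,X-Via-Trunk)=${PJSIP_HEADER(read,Via)})
 same => n,Dial(PJSIP/${EXTEN}@internal)
"""


def find_risky_header_updates(dialplan):
    """Return (line number, header name, value expression) for each
    PJSIP_HEADER 'update' whose new value is not a literal."""
    findings = []
    for lineno, line in enumerate(dialplan.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith(";"):
            continue
        m = UPDATE_RE.search(stripped)
        if not m:
            continue
        header, value = m.group(1).strip(), m.group(2).strip()
        if value.endswith(")"):          # closing paren of Set(...)
            value = value[:-1]
        if "${" in value:                # non-literal: review where it comes from
            findings.append((lineno, header, value))
    return findings


if __name__ == "__main__":
    for v in ("1:16.28.0~dfsg-0+deb10u3", FIXED_VERSION):
        print(v, "needs update" if needs_update(v) else "is fixed")
    for lineno, header, value in find_risky_header_updates(SAMPLE_DIALPLAN):
        print(f"line {lineno}: PJSIP_HEADER(update,{header}) set from {value}")
    live = installed_version()
    if live:
        print("installed:", live, "needs update" if needs_update(live) else "ok")
```

Run it on the PBX itself to get the live verdict, or feed `find_risky_header_updates` the contents of the real extensions.conf; a flagged line whose expression is a constant set elsewhere in the dialplan is a false positive, while one built from a caller-supplied header or CALLERID value is exactly the case the advisory describes.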
