Fedora 15 : asterisk-1.8.3-1.fc15 (2011-2360)

medium Nessus Plugin ID 52561

Synopsis

The remote Fedora host is missing a security update.

Description

The Asterisk Development Team has announced the release of Asterisk 1.8.3. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/ The release of Asterisk 1.8.3 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following is a sample of the issues resolved in this release :

- Resolve duplicated data in the AstDB when using DIALGROUP() (Closes issue #18091. Reported by bunny.
Patched by tilghman)

- Ensure the ipaddr field in realtime is large enough to handle IPv6 addresses. (Closes issue #18464. Reported, patched by IgorG)

- Reworking parsing of mwi => lines to resolve a segfault.
Also add a set of unit tests for the function that does the parsing. (Closes issue #18350. Reported by gbour.
Patched by Marquis)

- When using cdr_pgsql the billsec field was not populated correctly on unanswered calls. (Closes issue #18406.
Reported by joscas. Patched by tilghman)

- Resolve memory leak in iCalendar and Exchange calendaring modules. (Closes issue #18521. Reported, patched by pitel. Tested by cervajs)

- This version of Asterisk includes the new Compiler Flags option BETTER_BACKTRACES which uses libbfd to search for better symbol information within both the Asterisk binary, as well as loaded modules, to assist when using inline backtraces to track down problems. (Patched by tilghman)

- Resolve issue where no Music On Hold may be triggered when using res_timing_dahdi. (Closes issues #18262.
Reported by francesco_r. Patched by cjacobson. Tested by francesco_r, rfrantik, one47)

- Resolve a memory leak when the Asterisk Manager Interface is disabled. (Reported internally by kmorgan.
Patched by russellb)

- Reimplemented fax session reservation to reverse the ABI breakage introduced in r297486. (Reported internally.
Patched by mnicholson)

- Fix regression that changed behavior of queues when ringing a queue member. (Closes issue #18747, #18733.
Reported by vrban. Patched by qwell.)

- Resolve deadlock involving REFER. (Closes issue #18403.
Reported, tested by jthurman. Patched by jpeeler.) Additionally, this release has the changes related to security bulletin AST-2011-002 which can be found at http://downloads.asterisk.org/pub/security/AST-2011-002.
pdf For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/Cha ngeLog-1.8.3

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected asterisk package.

See Also

http://downloads.asterisk.org/pub/security/AST-2011-002.pdf

http://downloads.asterisk.org/pub/telephony/asterisk/

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.3

https://bugzilla.redhat.com/show_bug.cgi?id=18091

https://bugzilla.redhat.com/show_bug.cgi?id=18262

https://bugzilla.redhat.com/show_bug.cgi?id=18350

https://bugzilla.redhat.com/show_bug.cgi?id=18403

https://bugzilla.redhat.com/show_bug.cgi?id=18406

https://bugzilla.redhat.com/show_bug.cgi?id=18464

https://bugzilla.redhat.com/show_bug.cgi?id=18521

https://bugzilla.redhat.com/show_bug.cgi?id=18733

https://bugzilla.redhat.com/show_bug.cgi?id=18747

http://www.nessus.org/u?704c4ace

Plugin Details

Severity: Medium

ID: 52561

File Name: fedora_2011-2360.nasl

Version: 1.14

Type: local

Agent: unix

Published: 3/7/2011

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:15, p-cpe:/a:fedoraproject:fedora:asterisk

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/1/2011

Vulnerability Publication Date: 3/15/2011

Reference Information

CVE: CVE-2011-1147

BID: 46474

FEDORA: 2011-2360