Synopsis
The remote Fedora host is missing a security update.
Description
The Asterisk Development Team has announced the release of Asterisk 1.8.3. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/ The release of Asterisk 1.8.3 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following is a sample of the issues resolved in this release :
- Resolve duplicated data in the AstDB when using DIALGROUP() (Closes issue #18091. Reported by bunny.
Patched by tilghman)
- Ensure the ipaddr field in realtime is large enough to handle IPv6 addresses. (Closes issue #18464. Reported, patched by IgorG)
- Reworking parsing of mwi => lines to resolve a segfault.
Also add a set of unit tests for the function that does the parsing. (Closes issue #18350. Reported by gbour.
Patched by Marquis)
- When using cdr_pgsql the billsec field was not populated correctly on unanswered calls. (Closes issue #18406.
Reported by joscas. Patched by tilghman)
- Resolve memory leak in iCalendar and Exchange calendaring modules. (Closes issue #18521. Reported, patched by pitel. Tested by cervajs)
- This version of Asterisk includes the new Compiler Flags option BETTER_BACKTRACES which uses libbfd to search for better symbol information within both the Asterisk binary, as well as loaded modules, to assist when using inline backtraces to track down problems. (Patched by tilghman)
- Resolve issue where no Music On Hold may be triggered when using res_timing_dahdi. (Closes issues #18262.
Reported by francesco_r. Patched by cjacobson. Tested by francesco_r, rfrantik, one47)
- Resolve a memory leak when the Asterisk Manager Interface is disabled. (Reported internally by kmorgan.
Patched by russellb)
- Reimplemented fax session reservation to reverse the ABI breakage introduced in r297486. (Reported internally.
Patched by mnicholson)
- Fix regression that changed behavior of queues when ringing a queue member. (Closes issue #18747, #18733.
Reported by vrban. Patched by qwell.)
- Resolve deadlock involving REFER. (Closes issue #18403.
Reported, tested by jthurman. Patched by jpeeler.) Additionally, this release has the changes related to security bulletin AST-2011-002 which can be found at http://downloads.asterisk.org/pub/security/AST-2011-002.
pdf For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/Cha ngeLog-1.8.3
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected asterisk package.
Plugin Details
File Name: fedora_2011-2360.nasl
Agent: unix
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/o:fedoraproject:fedora:15, p-cpe:/a:fedoraproject:fedora:asterisk
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 3/1/2011
Vulnerability Publication Date: 3/15/2011