Asterisk: Multiple vulnerabilities Multiple vulnerabilities have been found in Asterisk, the worst of which may allow execution of arbitrary code. asterisk January 21, 2014 January 21, 2014: 1 449828 463622 482776 494630 remote 11.7.0 1.8.25.0 11.7.0

Asterisk is an open source telephony engine and toolkit.

Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details.

A remote attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information.

There is no known workaround at this time.

All Asterisk 11.* users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/asterisk-11.7.0"

All Asterisk 1.8.* users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.25.0"
CVE-2012-5976 CVE-2012-5977 CVE-2013-2264 CVE-2013-2685 CVE-2013-2686 CVE-2013-5641 CVE-2013-5642 CVE-2013-7100 underling ackle