similar to: Asterisk 1.2.9.1 and 1.0.11.1 Released -- Security Fix

The Asterisk Development Team today re-released Asterisk 1.2.9.1 and Asterisk 1.0.11.1 to address a security vulnerability in the IAX2 channel driver (chan_iax2). The vulnerability affects all users with IAX2 clients that might be compromised or used by a malicious user, and can lead to denial of service attacks and random Asterisk server crashes via a relatively trivial exploit. These re-releases

The Asterisk Development Team today released Asterisk 1.2.9 and Asterisk 1.0.11 to address a security vulnerability in the IAX2 channel driver (chan_iax2). The vulnerability affects all users with IAX2 clients that might be compromised or used by a malicious user, and can lead to denial of service attacks and random Asterisk server crashes via a relatively trivial exploit. All users are urged to

The Asterisk Development Team today released Asterisk 1.2.9 and Asterisk 1.0.11 to address a security vulnerability in the IAX2 channel driver (chan_iax2). The vulnerability affects all users with IAX2 clients that might be compromised or used by a malicious user, and can lead to denial of service attacks and random Asterisk server crashes via a relatively trivial exploit. All users are urged to

Asterisk Project Security Advisory - ASA-2007-015 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Remote Crash Vulnerability in IAX2 channel driver |

Asterisk Project Security Advisory - ASA-2007-015 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Remote Crash Vulnerability in IAX2 channel driver |

The Asterisk Development team has released an update to Asterisk 1.2, Asterisk 1.2.13. This release contains a fix for a security vulnerability recently found in the chan_skinny channel driver (for Cisco SCCP phones). This vulnerability would enable an attacker to remotely execute code as the system user running Asterisk (frequently 'root'). The exploit does not require that the

The Asterisk Development team has released an update to Asterisk 1.2, Asterisk 1.2.13. This release contains a fix for a security vulnerability recently found in the chan_skinny channel driver (for Cisco SCCP phones). This vulnerability would enable an attacker to remotely execute code as the system user running Asterisk (frequently 'root'). The exploit does not require that the

Hello, Just in case someone hasn't upgraded yet, and is using IAX2. -------- Original Message -------- Subject: AST-2009-006: IAX2 Call Number Resource Exhaustion Date: Thu, 03 Sep 2009 17:47:35 -0500 From: Asterisk Security Team <security at asterisk.org> To: bugtraq at securityfocus.com Asterisk Project Security Advisory - AST-2009-006

[mod: Just to show you that people DO get bitten after a bugwarning has gone out on linux-security..... -- REW] -----BEGIN PGP SIGNED MESSAGE----- Content-Type: text/plain; charset=us-ascii Has anyone been hit with the Bind Inverse Query Buffer Overrun on their Linux servers? We have had 3 servers attacked using this expoit and all of the machines had several binaries replaced with trojan

Asterisk Project Security Advisory - AST-2008-010 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | Asterisk IAX 'POKE' resource exhaustion |

> Asterisk Project Security Advisory - ASA-2007-013 > > +----------------------------------------------------------------------------------+ > | Product | Asterisk | > |----------------------+-----------------------------------------------------------| > | Summary | IAX2

> Asterisk Project Security Advisory - ASA-2007-013 > > +----------------------------------------------------------------------------------+ > | Product | Asterisk | > |----------------------+-----------------------------------------------------------| > | Summary | IAX2

Asterisk Project Security Advisory - ASA-2007-014 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | Stack buffer overflow in IAX2 channel driver |

Asterisk Project Security Advisory - ASA-2007-014 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | Stack buffer overflow in IAX2 channel driver |

BM_207650 MEDIUM Vulnerability Version: 1 2/18/2004@03:47:29 GMT Initial report <https://ialert.idefense.com/KODetails.jhtml?irId=207650> ID#207650: FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability (iDEFENSE Exclusive): Remote exploitation of a denial of service (DoS) vulnerability in FreeBSD's memory buffers (mbufs) could allow attackers to launch a DoS attack.

For those who haven't yet received this warning yet. Anybody from the core can tell about the background and possible fixes? <p>Regards, Stefan ------- Forwarded message follows ------- Date sent: Wed, 12 May 2004 13:50:17 +0200 To: secunia_security_advisories@stefan-neufeind.de Subject: [SA11578] Icecast Basic Authorization Denial of Service Vulnerability

Dear subscribers, we are sending notifications for three vulnerabilities, - CVE-2020-10957 - CVE-2020-10958 - CVE-2020-10967 Please find them below --- Aki Tuomi Open-Xchange Oy ------------------ Open-Xchange Security Advisory 2020-05-18 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3784 Vulnerability type: NULL pointer dereference (CWE-476) Vulnerable version:

Dear subscribers, we are sending notifications for three vulnerabilities, - CVE-2020-10957 - CVE-2020-10958 - CVE-2020-10967 Please find them below --- Aki Tuomi Open-Xchange Oy ------------------ Open-Xchange Security Advisory 2020-05-18 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3784 Vulnerability type: NULL pointer dereference (CWE-476) Vulnerable version:

The following advisory was issued by CERT yesterday. Because it affects FreeBSD systems as well, we are forwarding it to the appropriate FreeBSD mailing lists. We would like to thanks CERT for cooperation with the FreeBSD security officer on this subject. -----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-98-13-tcp-denial-of-service Original Issue Date: December 21, 1998 Last Revised

TITLE: KAME Project "ipcomp6_input()" Denial of Service CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote DESCRIPTION: A vulnerability has been reported in the KAME Project, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "ipcomp6_input()" function in