Package | asterisk |
---|---|
Version | 1:13.14.1~dfsg-2+deb9u8 (stretch) |
Related CVEs | CVE-2022-37325 CVE-2022-42706 |

Two security vulnerabilities were discovered in Asterisk, an Open Source Private Branch Exchange.

CVE-2022-37325

An incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a denial of service.

CVE-2022-42706

GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.

For Debian 9 stretch, these problems have been fixed in version 1:13.14.1~dfsg-2+deb9u8.
We recommend that you upgrade your asterisk packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.