Key information

Advisory: DSA 2225-1
Package: asterisk
Vulnerability Type: Several remote vulnerabilities
CVE IDs: CVE-2011-1147, CVE-2011-1174, CVE-2011-1175, CVE-2011-1507, CVE-2011-1599

Affected Versions and Fixes:
- CVE-2011-1147: Incorrect handling of UDPTL packets may lead to denial of service or arbitrary code execution. Fixed in version 1:1.4.21.2-dfsg-3+lenny2.1 for , 1:1.6.2.9-2+squeeze2 for , and 1:1.8.3.3-1 for .
- CVE-2011-1174: Incorrect connection handling in the manager interface may lead to denial of service. Fixed as above.
- CVE-2011-1175: Incorrect TCP connection handling may lead to denial of service. Fixed as above.
- CVE-2011-1507: Insufficient limitation of connection requests may lead to denial of service. See Asterisk Security Release Notes for details.
- CVE-2011-1599: Privilege escalation vulnerability in the manager interface. Fixed as above.

Recommendation: Upgrade asterisk packages to the provided versions.

Date of Advisory: April 25, 2011
Source: Debian Security Advisory
Contact: Security team , Moritz Muehlenhoff