Summary
The remote host is missing updates announced in
advisory GLSA 201110-21.
Solution
All asterisk 1.6.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-misc/asterisk-1.6.2.18.2'
All asterisk 1.8.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-misc/asterisk-1.8.7.1'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-21 http://bugs.gentoo.org/show_bug.cgi?id=352059
http://bugs.gentoo.org/show_bug.cgi?id=355967
http://bugs.gentoo.org/show_bug.cgi?id=359767
http://bugs.gentoo.org/show_bug.cgi?id=364887
http://bugs.gentoo.org/show_bug.cgi?id=372793
http://bugs.gentoo.org/show_bug.cgi?id=373409
http://bugs.gentoo.org/show_bug.cgi?id=387453
Insight
Multiple vulnerabilities in Asterisk might allow unauthenticated remote attackers to execute arbitrary code.
Severity
Classification
-
CVE CVE-2011-1147, CVE-2011-1174, CVE-2011-1175, CVE-2011-1507, CVE-2011-1599, CVE-2011-2529, CVE-2011-2535, CVE-2011-2536, CVE-2011-2665, CVE-2011-2666, CVE-2011-4063 -
CVSS Base Score: 9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C
Related Vulnerabilities