net-misc/asterisk: 13.19.2 for CVE-2018-7284 & CVE-2018-7286
Both vulnerabilities are in res_pjsip and allow a remote DoS. One through sending
a lot of SIP INVITE messages on SIP TCP or SIP-TLS channels and then tearing them
down. The other involves a SUBSCRIBE request containing more than 32 Accept headers,
which overflows the statically allocated buffer.
If you prevent res_pjsip from loading and use the classic chan_sip driver, you may
not be vulnerable. However, this upgrade is being pushed out to all.
Package-Manager: Portage-2.3.19, Repoman-2.3.6
projects / gentoo.git / commit