[ES2023-01] Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation

Read Time:23 Second

Posted by Sandro Gauci on Dec 19

# Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation

– Fixed versions: 18.20.1, 20.5.1, 21.0.1,18.9-cert6
– Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race
– Vendor Security Advisory: https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq
– Other references: CVE-2023-49786
– Tested vulnerable versions: 20.1.0
-…

ZDI-CAN-25373: Microsoft

A CVSS score 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus - Trend Micro Zero Day Initiative' was reported to...

September 20, 2024

DSA-5774-1 ruby-saml – security update

It was discovered that ruby-saml, a SAML library implementing the client side of a SAML authorization, does not properly verify...

September 20, 2024

USN-6968-2: PostgreSQL vulnerability

USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16 This update provides the corresponding updates for PostgreSQL-9.5 in Ubuntu 16.04 LTS....

September 19, 2024