Errata overview
Errata ID 275
Date 2018-10-17
Source package asterisk
Fixed in version 1:13.14.1~dfsg-2+deb9u4
This update addresses the following issues:
* A Buffer Overflow issue was discovered in Asterisk. When processing a
  SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats
  present in the Accept headers of the request. This code did not limit the
  number of headers it processed, despite having a fixed limit of 32. If more
  than 32 Accept headers were present, the code would write outside of its
  memory and cause a crash. (CVE-2018-7284)
* res_pjsip allows remote authenticated users to crash Asterisk (segmentation
  fault) by sending a number of SIP INVITE messages on a TCP or TLS
  connection and then suddenly closing the connection. (CVE-2018-7286)
* When endpoint specific ACL rules block a SIP request, they respond with a
  403 forbidden. However, if an endpoint is not identified, then a 401
  unauthorized response is sent. This vulnerability just discloses which
  requests hit a defined endpoint. The ACL rules cannot be bypassed to gain
  access to the disclosed endpoints. (CVE-2018-12227)
* There is a stack consumption vulnerability in the
  module. It allows an attacker to crash Asterisk via a specially crafted
  HTTP request to upgrade the connection to a websocket. (CVE-2018-17281)
Additional notes
CVE ID CVE-2018-7284
UCS Bug number #48007