-------------------------------------------------------------------------
Debian LTS Advisory DLA-4042-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                       Daniel Leidert
February 06, 2025                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : asterisk
Version        : 1:16.28.0~dfsg-0+deb11u6
CVE ID         : CVE-2024-53566
Debian Bug     :

An issue has been found in asterisk, an Open Source Private Branch Exchange.

CVE-2024-53566

    It is possible to access files outside the configuration directory via
    AMI and path traversal even when live_dangerously is not enabled.

For Debian 11 bullseye, this problem has been fixed in version
1:16.28.0~dfsg-0+deb11u6.

We recommend that you upgrade your asterisk packages.

For the detailed security status of asterisk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/asterisk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS