
An asterisk security update has been released for Debian GNU/Linux 8 Extended LTS to address two security vulnerabilities.



ELA-799-1 asterisk security update

Package : asterisk
Version : 1:13.14.1~dfsg-2+deb9u8 (stretch)

Related CVEs :
CVE-2022-37325
CVE-2022-42706

Two security vulnerabilities were discovered in Asterisk, an Open Source Private Branch Exchange.

CVE-2022-37325
An incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed
Calling or Called Party IE can cause a denial of service.

CVE-2022-42706
GetConfig, via Asterisk Manager Interface, allows a connected application
to access files outside of the asterisk configuration directory, aka
Directory Traversal.
