RTP Bleed CVE-2017-14099

pasi · September 6, 2017, 7:16pm

The CVE-2017-14099 advisory stated that Asterisk Open Source version 11.x series is affected by the RTP bleed.

I am having FreePBX 12.0.76.4 with these modules Asterisk CLI 2.11.0.3, Asterisk Info 12.0.2, Asterisk Logfiles 12.0.6, Asterisk API 12.0.2, Asterisk IAX Settings 2.11.0.3, Asterisk SIP Settings 12.0.16.
The Asterisk Info page is showing “Asterisk (Ver. 11.15.0)”
The Asterisk SIP setting is showing that my “Strict RTP” setting is turned on.

Am I affected by this RTP bleed bug?
If yes, is there any bug fix for this?

Thank you,

tonyclewis · September 6, 2017, 8:00pm

YOu need to upgrade asterisk on your box. Also your FreePBX is very old and not supported. Current stable release is version 14

pasi · September 13, 2017, 7:23am

Hi Tony,

I have upgraded my FreePBX server to 10.13.66-1 and using the Asterisk 13.17.1.
Would my system still be affected by this bug?

Thank you.

pasi · November 23, 2017, 4:05pm

The answer is no.