Number: AV16-105
Date: 22 June 2016
Purpose
The purpose of this advisory is to bring attention to a Fonality security update.
Assessment
A security update was released for Fonality (previously trixbox Pro) that addresses multiple critical vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to perform remote code execution with root user privileges and may allow the unauthorized disclosure of encrypted data.
Affected Versions: Fonality versions prior to 12.6
CVE References: CVE-2016-2362, CVE-2016-2363, CVE-2016-2364
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References:
NIST National Vulnerability Database:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2362
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2363
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2364
CERT/CC Vulnerability Note VU#754056: