Your regularly scheduled security update to asterisk-1.8.4.3
AST-2011-008: If a remote user sends a SIP packet containing a null, Asterisk assumes available data extends past the null to the end of the packet when the buffer is actually truncated when copied. This causes SIP header parsing to modify data past the end of the buffer altering unrelated memory structures. This vulnerability does not affect TCP/TLS connections. -- Resolved in 1.6.2.18.1 and 1.8.4.3 AST-2011-009: A remote user sending a SIP packet containing a Contact header with a missing left angle bracket (<) causes Asterisk to access a null pointer. -- Resolved in 1.8.4.3 AST-2011-010: A memory address was inadvertently transmitted over the network via IAX2 via an option control frame and the remote party would try to access it. -- Resolved in 1.4.41.1, 1.6.2.18.1, and 1.8.4.3
This commit is contained in:
sthen
parent
b328f2f4ad
commit
2219c0a40e
@ -1,9 +1,9 @@
|
||||
# $OpenBSD: Makefile,v 1.116 2011/06/03 16:08:01 sthen Exp $
|
||||
# $OpenBSD: Makefile,v 1.117 2011/06/24 13:50:09 sthen Exp $
|
||||
|
||||
SHARED_ONLY= Yes
|
||||
COMMENT-main= open source multi-protocol PBX and telephony toolkit
|
||||
|
||||
VER= 1.8.4.2
|
||||
VER= 1.8.4.3
|
||||
DISTNAME= asterisk-${VER:S/beta/-beta/:S/rc/-rc/}
|
||||
PKGNAME-main= asterisk-${VER}
|
||||
|
||||
|
||||
@ -1,32 +1,32 @@
|
||||
MD5 (asterisk-1.8.4.2.tar.gz) = kwzilxGen+sgF3nVJGUzcQ==
|
||||
MD5 (asterisk-1.8.4.3.tar.gz) = uuYkBoJzbrvNNZa8bMGtFA==
|
||||
MD5 (asterisk-core-sounds-en-gsm-1.4.20.tar.gz) = XyGAxhZleNMCJj628d77lg==
|
||||
MD5 (asterisk-core-sounds-en-gsm-1.4.20.tar.gz.sha1) = 4aZTAcb0h9zeG2sOVvVzDA==
|
||||
MD5 (asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = VHnLTLgdZ4ME2W815JM6EQ==
|
||||
MD5 (asterisk-extra-sounds-en-gsm-1.4.11.tar.gz.sha1) = euKCSaScLc2s72YD1p39Zg==
|
||||
MD5 (asterisk-moh-opsound-wav-2.03.tar.gz) = gnfixpP9BWdzscFeTVIHfQ==
|
||||
MD5 (asterisk-moh-opsound-wav-2.03.tar.gz.sha1) = AR+k3J/jXcPTTtVXuwQmPw==
|
||||
RMD160 (asterisk-1.8.4.2.tar.gz) = QDgpovzV9jwqmeFBRCzJj9afTes=
|
||||
RMD160 (asterisk-1.8.4.3.tar.gz) = zAezB1Tq0PHG/xOdO5+UZC04Dds=
|
||||
RMD160 (asterisk-core-sounds-en-gsm-1.4.20.tar.gz) = QrmFXULU6TKurS7Ori+xyp/tsIs=
|
||||
RMD160 (asterisk-core-sounds-en-gsm-1.4.20.tar.gz.sha1) = 9jjgmgvJGKJh4cM4vEIVdnKlNAQ=
|
||||
RMD160 (asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = aBcMdp1znWtbNbAPmZrWu/h2+fY=
|
||||
RMD160 (asterisk-extra-sounds-en-gsm-1.4.11.tar.gz.sha1) = r2FBQo0Mel1qCQPV61rbSFUnkNY=
|
||||
RMD160 (asterisk-moh-opsound-wav-2.03.tar.gz) = lWaXSoNgUeCPUUEt5QjZK/O+fgI=
|
||||
RMD160 (asterisk-moh-opsound-wav-2.03.tar.gz.sha1) = D+hFjrIugSleLHkzLWEgvA7kjfM=
|
||||
SHA1 (asterisk-1.8.4.2.tar.gz) = 9fyMDEND7B1oMbGBBgLSI6+Nyck=
|
||||
SHA1 (asterisk-1.8.4.3.tar.gz) = vruCoZuGgXo65it0lZka9IDNqtg=
|
||||
SHA1 (asterisk-core-sounds-en-gsm-1.4.20.tar.gz) = /1nj3UcJr0j69nws7CiWi9zWLk0=
|
||||
SHA1 (asterisk-core-sounds-en-gsm-1.4.20.tar.gz.sha1) = 1DqTOIM1s1tS30CW8clyDq+R9Os=
|
||||
SHA1 (asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = hpL6YUI7R2nci/p4+vntXveiWbk=
|
||||
SHA1 (asterisk-extra-sounds-en-gsm-1.4.11.tar.gz.sha1) = 7mrmsEnCtwUNV0J+RJd/3sI3wYE=
|
||||
SHA1 (asterisk-moh-opsound-wav-2.03.tar.gz) = 9A/W6gPf6Ncq2iVAsiiL/cAGOB0=
|
||||
SHA1 (asterisk-moh-opsound-wav-2.03.tar.gz.sha1) = y7b1cl1V/jLKmqKzM+N9YSXQ9Ec=
|
||||
SHA256 (asterisk-1.8.4.2.tar.gz) = xhCGqqSaZ1qjMlybz8LC43hoj+52kgdEhSfeVqY5PQs=
|
||||
SHA256 (asterisk-1.8.4.3.tar.gz) = OqhXmPLsEl8DqZfmNZJF68awbGrloqgJRXB6eSFqPB8=
|
||||
SHA256 (asterisk-core-sounds-en-gsm-1.4.20.tar.gz) = 6HhpuMXN1zILHPTeUgh58lz4tcLaNwen7v4z4IlbsBc=
|
||||
SHA256 (asterisk-core-sounds-en-gsm-1.4.20.tar.gz.sha1) = CkpTcoPBJgMHmqgMDqUPfnmfDMz7fQGGuA/DwV+BR3c=
|
||||
SHA256 (asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 1fAxzDHr6+yZzj/PRP+Ue9eye16VZaezphhcLRvaCUw=
|
||||
SHA256 (asterisk-extra-sounds-en-gsm-1.4.11.tar.gz.sha1) = a0BErk9wQ3/hT5gPUVL6uk6iqitdhAKMAhOrL2XHSR8=
|
||||
SHA256 (asterisk-moh-opsound-wav-2.03.tar.gz) = RJ+4ENFlAsMFL+3wL353s2IGrFoUXz2s9Bd4Q6L8tTg=
|
||||
SHA256 (asterisk-moh-opsound-wav-2.03.tar.gz.sha1) = Y8VUFsoRQmGrGvT9EVIyLy7GnZGrw0vEzufTKByuDZc=
|
||||
SIZE (asterisk-1.8.4.2.tar.gz) = 27012984
|
||||
SIZE (asterisk-1.8.4.3.tar.gz) = 27327187
|
||||
SIZE (asterisk-core-sounds-en-gsm-1.4.20.tar.gz) = 1784804
|
||||
SIZE (asterisk-core-sounds-en-gsm-1.4.20.tar.gz.sha1) = 84
|
||||
SIZE (asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
$OpenBSD: patch-channels_chan_unistim_c,v 1.1 2011/04/09 19:16:51 ian Exp $
|
||||
$OpenBSD: patch-channels_chan_unistim_c,v 1.2 2011/06/24 13:50:09 sthen Exp $
|
||||
# Patch is from https://bugs.digium.com/view.php?id=18229, in particular, chan_unistim.c.r299906-6.diff
|
||||
--- channels/chan_unistim.c.orig Wed Jul 14 11:48:36 2010
|
||||
+++ channels/chan_unistim.c Fri Apr 8 20:50:05 2011
|
||||
--- channels/chan_unistim.c.orig Wed Jul 14 16:48:36 2010
|
||||
+++ channels/chan_unistim.c Fri Jun 24 14:21:26 2011
|
||||
@@ -32,6 +32,15 @@
|
||||
* \ingroup channel_drivers
|
||||
*/
|
||||
@ -17,8 +17,8 @@ $OpenBSD: patch-channels_chan_unistim_c,v 1.1 2011/04/09 19:16:51 ian Exp $
|
||||
+
|
||||
#include "asterisk.h"
|
||||
|
||||
ASTERISK_FILE_VERSION(__FILE__, "$Revision: 1.1 $")
|
||||
@@ -69,6 +78,8 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision: 1.1 $")
|
||||
ASTERISK_FILE_VERSION(__FILE__, "$Revision: 1.2 $")
|
||||
@@ -69,6 +78,8 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision: 1.2 $")
|
||||
#include "asterisk/musiconhold.h"
|
||||
#include "asterisk/causes.h"
|
||||
#include "asterisk/indications.h"
|
||||
@ -27,7 +27,7 @@ $OpenBSD: patch-channels_chan_unistim_c,v 1.1 2011/04/09 19:16:51 ian Exp $
|
||||
|
||||
/*! Beware, G729 and G723 are not supported by asterisk, except with the proper licence */
|
||||
#define CAPABILITY AST_FORMAT_ALAW | AST_FORMAT_ULAW /* | AST_FORMAT_G729A | AST_FORMAT_G723_1 */
|
||||
@@ -78,11 +89,14 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision: 1.1 $")
|
||||
@@ -78,11 +89,14 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision: 1.2 $")
|
||||
#define DEFAULTCALLERNAME " "
|
||||
#define DEFAULTHEIGHT 3
|
||||
#define USTM_LOG_DIR "unistimHistory"
|
||||
@ -42,7 +42,7 @@ $OpenBSD: patch-channels_chan_unistim_c,v 1.1 2011/04/09 19:16:51 ian Exp $
|
||||
/*! Try x times before removing the phone */
|
||||
#define NB_MAX_RETRANSMIT 8
|
||||
/*! Nb of milliseconds waited when no events are scheduled */
|
||||
@@ -99,8 +113,9 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision: 1.1 $")
|
||||
@@ -99,8 +113,9 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision: 1.2 $")
|
||||
#define MAX_ENTRY_LOG 30
|
||||
|
||||
#define SUB_REAL 0
|
||||
|
||||
Loading…
Reference in New Issue
Block a user