AST-2011-008: If a remote user sends a SIP packet containing a null,
Asterisk assumes available data extends past the null to the
end of the packet when the buffer is actually truncated when
copied. This causes SIP header parsing to modify data past
the end of the buffer altering unrelated memory structures.
This vulnerability does not affect TCP/TLS connections.
-- Resolved in 1.6.2.18.1 and 1.8.4.3
AST-2011-009: A remote user sending a SIP packet containing a Contact header
with a missing left angle bracket (<) causes Asterisk to
access a null pointer.
-- Resolved in 1.8.4.3
AST-2011-010: A memory address was inadvertently transmitted over the
network via IAX2 via an option control frame and the remote party would try
to access it.
-- Resolved in 1.4.41.1, 1.6.2.18.1, and 1.8.4.3
when forming an outgoing SIP request while in pedantic mode, which
can cause a stack buffer to be made to overflow if supplied with
carefully crafted caller ID information"
http://downloads.asterisk.org/pub/security/AST-2011-001.html
This is also a major version update to the long-term support
1.8 branch, previous versions of this diff have been tested by
various ports@ readers, thanks for testing.
Please review /usr/local/share/doc/asterisk/UPGRADE.txt
(also note that memory use has increased).
ok ajacoutot@ jasper@
receiving most updates in the future; notably, compared to the in-tree
version, this adds a portable (pthread-based) clocking source rather
than relying on a non-portable zaptel timer.
Main functions tested and working well for myself and Diego Casati (thanks!)
Note that ConfBridge (added since 1.6.0) may need more work
This also has a small change in CDR generation, it's been well tested
upstream but still this can be a touchy area to change, so it's
going in now so the first OpenBSD release with Asterisk 1.6
packages has the change already made.
ok ajacoutot@
from overriding supplied AUTOfoo_VERSION variables) instead of the
custom Makefile target to run autoconf.
No package change -> no bump. Discussed with fgsch in relation
to 1.6, but it makes sense here too.
where the "pedantic" option is enabled (disabled by default).
Backported rather than updated until I sort out the H323 autoconf
breakage in newer versions.
fixes an overflow in IMAP voicemail storage reachable by anyone who can
send email to a VM box accessed from the phone. AST-2007-022, found by
sprintf audit.
ok ian@
