* A permission escalation vulnerability in Asterisk Manager Interface. This
would potentially allow remote authenticated users the ability to execute
commands on the system shell with the privileges of the user running the
Asterisk application.
* A heap overflow vulnerability in the Skinny Channel driver. The keypad
button message event failed to check the length of a fixed length buffer
before appending a received digit to the end of that buffer. A remote
authenticated user could send sufficient keypad button message events that
the buffer would be overrun.
* A remote crash vulnerability in the SIP channel driver when processing UPDATE
requests. If a SIP UPDATE request was received indicating a connected line
update after a channel was terminated but before the final destruction of the
associated SIP dialog, Asterisk would attempt a connected line update on a
non-existing channel, causing a crash.
- crash in app_voicemail
- resource leak in SIP TCP/TLS
- ACK routing for non-2xx responses
- buffer overrun/memory leak in 'sip show peers' (race when adding peers whilst displaying)
- various locking problems
- remove unused non-working patches and framework for chan_h323;
this driver is deprecated upstream anyway.
- add patches to let the alternative chan_ooh323 addon module build.
currently unused in the port, 'make configure; cd $WRKSRC; gmake menuselect'
and enable it there if you want to play.
- sync unistim patch.
- mention the IMAP flavour in DESCR (and thus bump REVISION-main).
rthread. kern_time.c:itimerfix() requires the kevent interval timer to be
<= 100M seconds otherwise it passes an EINVAL back up, giving an error
return from kevent(). The initial timestamp is (INT_MAX-cur time) i.e.
around 800M so we hit this. Workaround by clamping tv_sec to 100M sec.
AST-2012-002: stack buffer overflow (remote unauthenticated sessions).
requires a dialplan using the Milliwatt application with the 'o' option,
and internal_timing off. Affects all 1.4+ Asterisk versions.
AST-2012-003: stack buffer overflow (remote unauth'd sessions) in HTTP
manager interface; triggered by long digest authentication strings.
Code injection possibility. Affects 1.8+.
- includes the iLBC codec which now has a free copyright license; patent
licensing has a "no litigation" clause (see codecs/ilbc/LICENSE_ADDENDUM)
so mark as not permitted for CDs
configurations with video disabled and the sRTP module loaded.
Funnily enough this didn't affect the port until about an hour
ago when sRTP was enabled.
