AST-2012-007, AST-2012-008 fixed in the short-lived 1.8.12.1 release:
* A remotely exploitable crash vulnerability exists in the IAX2 channel
driver if an established call is placed on hold without a suggested music
class. Asterisk will attempt to use an invalid pointer to the music
on hold class name, potentially causing a crash.
* A remotely exploitable crash vulnerability was found in the Skinny (SCCP)
Channel driver. When an SCCP client closes its connection to the server,
a pointer in a structure is set to NULL. If the client was not in the
on-hook state at the time the connection was closed, this pointer is later
dereferenced. This allows remote authenticated connections the ability to
cause a crash in the server, denying services to legitimate users.
Also from 1.8.12.2
* Resolve crash in subscribing for MWI notifications.
ASTOBJ_UNREF sets the variable to NULL after unreffing it, so the
variable should definitely not be used after that. To solve this in
the two cases that affect subscribing for MWI notifications, we
instead save the ref locally, and unref them in the error
conditions.
- add an extra file to PLIST-calendar
- add comments to the sample sip.conf showing how to hide version numbers
- fix use of _POSIX_THREAD_PRIORITY_SCHEDULING, from Brad
Update to 1.2.9.1 which addresses a security vulnerability in the IAX2
channel driver (chan_iax2). The vulnerability affects all users with
IAX2 clients that might be compromised or used by a malicious user, and
can lead to denial of service attacks and random Asterisk server crashes
via a relatively trivial exploit.
From: maintainer Stuart Henderson <stu@spacehopper.org>
