openbsd-ports/telephony/asterisk
sthen 312710642c SECURITY update to Asterisk 1.8.12.2
AST-2012-007, AST-2012-008 fixed in the short-lived 1.8.12.1 release:

* A remotely exploitable crash vulnerability exists in the IAX2 channel
  driver if an established call is placed on hold without a suggested music
  class. Asterisk will attempt to use an invalid pointer to the music
  on hold class name, potentially causing a crash.

* A remotely exploitable crash vulnerability was found in the Skinny (SCCP)
  Channel driver. When an SCCP client closes its connection to the server,
  a pointer in a structure is set to NULL.  If the client was not in the
  on-hook state at the time the connection was closed, this pointer is later
  dereferenced. This allows remote authenticated connections the ability to
  cause a crash in the server, denying services to legitimate users.

Also from 1.8.12.2

* Resolve crash in subscribing for MWI notifications.

ASTOBJ_UNREF sets the variable to NULL after unreffing it, so the
variable should definitely not be used after that. To solve this in
the two cases that affect subscribing for MWI notifications, we
instead save the ref locally, and unref them in the error
conditions.
2012-05-30 22:45:26 +00:00
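The pitfall described in the commit message above, as an added example that is not part of the commit or of Asterisk's source. `OBJ_UNREF`, `struct peer`, `struct subscription` and `subscribe_mwi` are hypothetical, simplified stand-ins; the macro models only the behaviour the message states (drop a reference, then set the variable to NULL).

```c
#include <stdlib.h>

/* Hypothetical stand-ins; not Asterisk's real structures. */
struct peer { int refcount; int mwi_subscribed; };
struct subscription { struct peer *call; };

static int destroyed;                       /* destructor calls, for checking */
static void peer_destroy(struct peer *p) { destroyed++; free(p); }

/* Simplified model of the macro behaviour the commit message describes:
 * drop one reference, then set the caller's variable to NULL. */
#define OBJ_UNREF(obj, dtor) do {           \
        if (--(obj)->refcount == 0)         \
            dtor(obj);                      \
        (obj) = NULL;                       \
    } while (0)

static struct peer *peer_new(void)
{
    struct peer *p = calloc(1, sizeof(*p));
    if (!p) abort();
    p->refcount = 1;
    return p;
}

/* The hazard: the variable is NULL after the macro even when another
 * reference keeps the object alive, so "p->field" afterwards would crash. */
static int unref_clears_variable(void)
{
    struct peer *p = peer_new(), *keep = p;
    int cleared;
    p->refcount++;                          /* two holders: p and keep */
    OBJ_UNREF(p, peer_destroy);             /* object survives, p does not */
    cleared = (p == NULL) && (keep->refcount == 1);
    OBJ_UNREF(keep, peer_destroy);          /* last reference: object freed */
    return cleared;
}

/* The fix pattern: keep the reference in a local and unref that local in
 * the error path; the shared field is only assigned on success. */
static int subscribe_mwi(struct subscription *sub, int setup_fails)
{
    struct peer *call = peer_new();
    if (setup_fails) {
        OBJ_UNREF(call, peer_destroy);      /* nothing reads call after this */
        return -1;
    }
    call->mwi_subscribed = 1;
    sub->call = call;                       /* ownership moves to sub */
    return 0;
}
```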
files SECURITY update to Asterisk 1.8.12.2 2012-05-30 22:45:26 +00:00
patches SECURITY update to Asterisk 1.8.12.2 2012-05-30 22:45:26 +00:00
pkg SECURITY update to Asterisk 1.8.12.2 2012-05-30 22:45:26 +00:00
distinfo SECURITY update to Asterisk 1.8.12.2 2012-05-30 22:45:26 +00:00
Makefile SECURITY update to Asterisk 1.8.12.2 2012-05-30 22:45:26 +00:00