312710642c
AST-2012-007, AST-2012-008 fixed in the short-lived 1.8.12.1 release: * A remotely exploitable crash vulnerability exists in the IAX2 channel driver if an established call is placed on hold without a suggested music class. Asterisk will attempt to use an invalid pointer to the music on hold class name, potentially causing a crash. * A remotely exploitable crash vulnerability was found in the Skinny (SCCP) Channel driver. When an SCCP client closes its connection to the server, a pointer in a structure is set to NULL. If the client was not in the on-hook state at the time the connection was closed, this pointer is later dereferenced. This allows remote authenticated connections the ability to cause a crash in the server, denying services to legitimate users. Also from 1.8.12.2 * Resolve crash in subscribing for MWI notifications. ASTOBJ_UNREF sets the variable to NULL after unreffing it, so the variable should definitely not be used after that. To solve this in the two cases that affect subscribing for MWI notifications, we instead save the ref locally, and unref them in the error conditions. |
||
---|---|---|
.. | ||
files | ||
patches | ||
pkg | ||
distinfo | ||
Makefile |