AST-2018-007: Infinite loop when reading iostreams
When connected to Asterisk via TCP/TLS if the client abruptly
disconnects, or sends a specially crafted message then Asterisk
gets caught in an infinite loop while trying to read the data stream.
Thus rendering the system as unusable.
AST-2018-008: PJSIP endpoint presence disclosure when using ACL
When endpoint specific ACL rules block a SIP request they respond with
a 403 forbidden. However, if an endpoint is not identified then a 401
unauthorized response is sent. This vulnerability just discloses which
requests hit a defined endpoint. The ACL rules cannot be bypassed to
gain access to the disclosed endpoints.
fd7f669da3