diff options
| author | jnemeth <jnemeth> | 2013-12-17 05:37:10 +0000 |
|---|---|---|
| committer | jnemeth <jnemeth> | 2013-12-17 05:37:10 +0000 |
| commit | d053bb8702cb13d660d46977cdd616f380d815bc (patch) | |
| tree | 559f5b35cf38124872fdcf8100fe4bc2d4e1c9ba | |
| parent | 3afa84559dce17d51171faaffe3d29a6d989f413 (diff) | |
| download | pkgsrc-d053bb8702cb13d660d46977cdd616f380d815bc.tar.gz | |
Update to Asterisk 10.12.4: this is a security fix update that fixes
AST-2013-006 and AST-2013-007.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security
releases are released as versions 1.8.15-cert4, 11.2-cert3, 1.8.24.1, 10.12.4,
10.12.4-digiumphones, and 11.6.1.
The release of these versions resolve the following issues:
* A buffer overflow when receiving odd length 16 bit messages in app_sms. An
infinite loop could occur which would overwrite memory when a message is
received into the unpacksms16() function and the length of the message is an
odd number of bytes.
* Prevent permissions escalation in the Asterisk Manager Interface. Asterisk
now marks certain individual dialplan functions as 'dangerous', which will
inhibit their execution from external sources.
A 'dangerous' function is one which results in a privilege escalation. For
example, if one were to read the channel variable SHELL(rm -rf /) Bad
Things(TM) could happen; even if the external source has only read
permissions.
Execution from external sources may be enabled by setting 'live_dangerously'
to 'yes' in the [options] section of asterisk.conf. Although doing so is not
recommended.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-006 and AST-2013-007, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.24.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-006.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-007.pdf
Thank you for your continued support of Asterisk!
| -rw-r--r-- | comms/asterisk10/Makefile | 5 | ||||
| -rw-r--r-- | comms/asterisk10/distinfo | 14 |
2 files changed, 9 insertions, 10 deletions
diff --git a/comms/asterisk10/Makefile b/comms/asterisk10/Makefile index 1c2740db186..9b2abb84bf2 100644 --- a/comms/asterisk10/Makefile +++ b/comms/asterisk10/Makefile @@ -1,13 +1,12 @@ -# $NetBSD: Makefile,v 1.55 2013/10/19 09:07:00 adam Exp $ +# $NetBSD: Makefile,v 1.56 2013/12/17 05:37:10 jnemeth Exp $ # # NOTE: when updating this package, there are two places that sound # tarballs need to be checked -DISTNAME= asterisk-10.12.3 +DISTNAME= asterisk-10.12.4 DIST_SUBDIR= ${PKGNAME_NOREV} DISTFILES= ${DEFAULT_DISTFILES} EXTRACT_ONLY= ${DISTNAME}.tar.gz -PKGREVISION= 3 CATEGORIES= comms net audio MASTER_SITES= http://downloads.asterisk.org/pub/telephony/asterisk/ \ http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \ diff --git a/comms/asterisk10/distinfo b/comms/asterisk10/distinfo index c6b283f8d3d..55c04e950e1 100644 --- a/comms/asterisk10/distinfo +++ b/comms/asterisk10/distinfo @@ -1,11 +1,11 @@ -$NetBSD: distinfo,v 1.28 2013/08/29 23:14:38 jnemeth Exp $ +$NetBSD: distinfo,v 1.29 2013/12/17 05:37:10 jnemeth Exp $ -SHA1 (asterisk-10.12.3/asterisk-10.12.3.tar.gz) = b337a668ca9a99cfe2e8d5e32394fb8f5e80e663 -RMD160 (asterisk-10.12.3/asterisk-10.12.3.tar.gz) = 92deb44a2ed1a94479eebc409cbada2f3b19c052 -Size (asterisk-10.12.3/asterisk-10.12.3.tar.gz) = 25119235 bytes -SHA1 (asterisk-10.12.3/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9 -RMD160 (asterisk-10.12.3/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6 -Size (asterisk-10.12.3/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes +SHA1 (asterisk-10.12.4/asterisk-10.12.4.tar.gz) = 960742b18694cee94c24d258eb547398082c8bd1 +RMD160 (asterisk-10.12.4/asterisk-10.12.4.tar.gz) = 548ac7f2e3aa9ce847d1e9de6920907f2b2eea0a +Size (asterisk-10.12.4/asterisk-10.12.4.tar.gz) = 25120413 bytes +SHA1 (asterisk-10.12.4/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9 +RMD160 (asterisk-10.12.4/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6 +Size (asterisk-10.12.4/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes SHA1 (patch-Makefile) = ab740f84f9883980cb5d8e8d5ca301f172c76231 SHA1 (patch-apps_app__dial.c) = e6c9f559310acdb6574d0e034dcb55df7c2ba31f SHA1 (patch-apps_app__followme.c) = cd34774a11b96269003d9f1b6fbdfddf5d9b9d4b |