author jnemeth <jnemeth> 2017-05-29 20:52:37 +0000
committer jnemeth <jnemeth> 2017-05-29 20:52:37 +0000
commit 3250cc8052ee1d8d6e4efb60d8ae7bd38b350020
tree 0186d177ee6af23c9e05903148c5d5c2b88a038f /comms/asterisk13
parent ee288dbe0c95bc5ce185a2650de40575eb83e305
Add fixes for AST-2017-002, AST-2017-003, and AST-2017-004. Note
that the first two don't affect pkgsrc as we are using chan_sip not
PJSIP. The last only affects users of SCCP, which is Cisco's
proprietary protocol.

-----

AST-2017-002

A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By overrunning the buffer, the memory allocation table becomes corrupted, leading to an eventual crash.

This issue is in PJSIP, and so the issue can be fixed without performing an upgrade of Asterisk at all. However, we are releasing a new version of Asterisk with the bundled PJProject updated to include the fix.

If you are running Asterisk with chan_sip, this issue does not affect you.

-----

AST-2017-003

The multi-part body parser in PJSIP contains a logical error that can make certain multi-part body parts attempt to read memory from outside the allowed boundaries. A specially-crafted packet can trigger these invalid reads and potentially induce a crash.

The issue is within the PJSIP project and not in Asterisk. Therefore, the problem can be fixed without upgrading Asterisk. However, we will be releasing a new version of Asterisk where the bundled version of PJSIP has been updated to have the bug patched.

If you are using Asterisk with chan_sip, this issue does not affect you.

-----

AST-2017-004

A remote memory exhaustion can be triggered by sending an SCCP packet to Asterisk system with chan_skinny enabled that is larger than the length of the SCCP header but smaller than the packet length specified in the header. The loop that reads the rest of the packet doesn't detect that the call to read() returned end-of-file before the expected number of bytes and continues infinitely. The partial data message logging in that tight loop causes Asterisk to exhaust all available memory.
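The failure mode described for AST-2017-004, shown from the fixing side as an added example (not code from Asterisk, chan_skinny or pkgsrc): a bounded read loop that treats a `read()` return of 0 as end-of-file and reports a truncated packet once instead of retrying. The 4-byte length framing, `MAX_BODY`, and the names `read_exact`, `read_frame` and `demo` are assumptions made for this sketch and are not the SCCP wire format.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#define MAX_BODY 2000u /* assumed upper bound on a body, for this sketch */
enum frame_status { FRAME_OK, FRAME_TRUNCATED, FRAME_TOO_BIG, FRAME_IO_ERROR };

/* Read up to `want` bytes. read() == 0 means EOF: stop, do not retry. */
static ssize_t read_exact(int fd, unsigned char *buf, size_t want) {
    size_t got = 0;
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n == 0) break;                     /* peer closed early */
        if (n < 0 && errno == EINTR) continue; /* interrupted: retry is safe */
        if (n < 0) return -1;
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* Hypothetical framing: 4-byte little-endian body length, then the body. */
static enum frame_status read_frame(int fd, unsigned char *body, uint32_t *len) {
    unsigned char h[4];
    ssize_t n = read_exact(fd, h, sizeof h);
    if (n < 0) return FRAME_IO_ERROR;
    if (n < (ssize_t)sizeof h) return FRAME_TRUNCATED;
    *len = h[0] | (uint32_t)h[1] << 8 | (uint32_t)h[2] << 16 | (uint32_t)h[3] << 24;
    if (*len > MAX_BODY) return FRAME_TOO_BIG; /* never size a read from an unchecked header */
    n = read_exact(fd, body, *len);
    /* A short body is reported exactly once; the caller logs and drops the session. */
    return n < 0 ? FRAME_IO_ERROR : (uint32_t)n < *len ? FRAME_TRUNCATED : FRAME_OK;
}

/* Constructed input: header declares `declared` bytes, only `sent` follow, then EOF. */
static enum frame_status demo(uint32_t declared, uint32_t sent) {
    unsigned char h[4] = { declared & 0xff, declared >> 8 & 0xff,
                           declared >> 16 & 0xff, declared >> 24 & 0xff };
    unsigned char zeros[MAX_BODY] = { 0 }, body[MAX_BODY];
    uint32_t len = 0; int p[2];
    if (sent > MAX_BODY || pipe(p) != 0) return FRAME_IO_ERROR;
    int ok = write(p[1], h, 4) == 4 && write(p[1], zeros, sent) == (ssize_t)sent;
    close(p[1]);                               /* sender goes away: reader sees EOF */
    enum frame_status st = ok ? read_frame(p[0], body, &len) : FRAME_IO_ERROR;
    close(p[0]);
    return st;
}

int main(void) {
    printf("full=%d short=%d big=%d\n", demo(16, 16), demo(100, 10), demo(1000000, 0));
    return 0;
}
```

The middle case is the one the advisory describes: more than a header, less than the declared length, and the reader returns instead of spinning.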
Diffstat (limited to 'comms/asterisk13')
-rw-r--r-- comms/asterisk13/Makefile 4
-rw-r--r-- comms/asterisk13/distinfo 18
2 files changed, 11 insertions, 11 deletions
diff --git a/comms/asterisk13/Makefile b/comms/asterisk13/Makefile
index 8ac8da4a8db..14b905384e6 100644
--- a/comms/asterisk13/Makefile
+++ b/comms/asterisk13/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.26 2017/05/13 22:39:13 jnemeth Exp $
+# $NetBSD: Makefile,v 1.27 2017/05/29 20:52:37 jnemeth Exp $
#
# NOTE: when updating this package, there are two places that sound
# tarballs need to be checked; look in ${WRKSRC}/sounds/Makefile
# to find out the current sound file versions
-DISTNAME= asterisk-13.15.0
+DISTNAME= asterisk-13.15.1
#PKGREVISION= 4
CATEGORIES= comms net audio
MASTER_SITES= http://downloads.asterisk.org/pub/telephony/asterisk/
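Review bot: MASTER_SITES in the trailing context of this hunk still points at a plain http:// URL, so the asterisk-13.15.1 tarball named by the new DISTNAME is protected in transit only by the digests recorded in distinfo. If the download host also serves https, switch the URL in the same change; either way, confirm the distinfo digests were generated from a tarball checked against upstream's published release rather than from whatever the http fetch returned. The commented-out #PKGREVISION line is correctly left alone for a version bump.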
diff --git a/comms/asterisk13/distinfo b/comms/asterisk13/distinfo
index 7bb37cf501b..d9b5d19f5f0 100644
--- a/comms/asterisk13/distinfo
+++ b/comms/asterisk13/distinfo
@@ -1,13 +1,13 @@
-$NetBSD: distinfo,v 1.12 2017/05/13 22:39:13 jnemeth Exp $
+$NetBSD: distinfo,v 1.13 2017/05/29 20:52:37 jnemeth Exp $
-SHA1 (asterisk-13.15.0/asterisk-13.15.0.tar.gz) = 6095d1456a8f10c67caaba266268caac61304c93
-RMD160 (asterisk-13.15.0/asterisk-13.15.0.tar.gz) = 374378224081f554e78195a139908f73d47d2321
-SHA512 (asterisk-13.15.0/asterisk-13.15.0.tar.gz) = 1015cc61e2fafb9f636970538cf3680af8f26b46d62dc24c6cdd8050f6b5e7db024cd1bb9e512771f9f88316d9d0695e294cb6173d47e0e8e89d06baa010dd47
-Size (asterisk-13.15.0/asterisk-13.15.0.tar.gz) = 32851716 bytes
-SHA1 (asterisk-13.15.0/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = 831ae6442e23cbef1e7d1c84798778ad0b0524d1
-RMD160 (asterisk-13.15.0/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = d52df795201c53fc4cd7d99ed41516e312f6f0f3
-SHA512 (asterisk-13.15.0/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = c7d3c3fd2c854e6776801312d34bf69bbed78a443c16121637f508c5275f18b1d415cbb6e4f6f8c5aa3769cbbfa1a11485b9972053777f3ac39256c2c81729f1
-Size (asterisk-13.15.0/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = 4256538 bytes
+SHA1 (asterisk-13.15.1/asterisk-13.15.1.tar.gz) = f7d32a31e5a45624a38f9604ac8e434c6b0ecd7c
+RMD160 (asterisk-13.15.1/asterisk-13.15.1.tar.gz) = c89f27ab4362ee64cad4376e96eb4ede630a2de1
+SHA512 (asterisk-13.15.1/asterisk-13.15.1.tar.gz) = 2ee19853431b890c988b69e03604b0d39b9764a93074c22a9975bde7d6f432582a00c2e841be6c6fd5f86fab338b9e717d4a7912e4fbac5034cb7a0dcf3b2337
+Size (asterisk-13.15.1/asterisk-13.15.1.tar.gz) = 32828857 bytes
+SHA1 (asterisk-13.15.1/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = 831ae6442e23cbef1e7d1c84798778ad0b0524d1
+RMD160 (asterisk-13.15.1/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = d52df795201c53fc4cd7d99ed41516e312f6f0f3
+SHA512 (asterisk-13.15.1/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = c7d3c3fd2c854e6776801312d34bf69bbed78a443c16121637f508c5275f18b1d415cbb6e4f6f8c5aa3769cbbfa1a11485b9972053777f3ac39256c2c81729f1
+Size (asterisk-13.15.1/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = 4256538 bytes
SHA1 (patch-Makefile) = 1373ea4cfab46f701cef0f5c61a6a1604e710bf5
SHA1 (patch-addons_chan__ooh323.c) = 9cba619ced6a4449604faebeac33d91a23519c48
SHA1 (patch-apps_app__dumpchan.c) = 127ac02bdc180ad2334cd095aa6e646feb6fba10
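Review bot: The new asterisk-13.15.1.tar.gz SHA1, RMD160, SHA512 and Size in the + lines are the only values in this hunk that actually change, and they deserve an independent check against upstream's release before this lands, since every later fetch is validated against them. The asterisk-extra-sounds-en-gsm-1.5.tar.gz entries keep identical digests and Size and only move to the asterisk-13.15.1/ directory prefix, which is consistent with an unchanged sound tarball. The patch-* SHA1 entries in the trailing context are untouched, so it is worth stating in the commit message that the existing local patches were confirmed to apply cleanly to 13.15.1.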