From 54d7eb748f88bb3648051a3e055564503643a0bd Mon Sep 17 00:00:00 2001 From: mjl Date: Thu, 19 Oct 2006 14:02:07 +0000 Subject: Update to asterisk 1.2.13 This release contains a fix for a security vulnerability recently found in the chan_skinny channel driver (for Cisco SCCP phones). This vulnerability would enable an attacker to remotely execute code as the system user running Asterisk (frequently 'root'). The exploit does not require that the skinny.conf contain any valid phone entries, only that chan_skinny is loaded and operational. This release also contains a number of bug fixes, and some improvements to the chan_sip channel driver (for SIP devices) to mitigate the impacts of a certain class of denial-of-service attacks that have recently been published. All Asterisk 1.2 users are urged to update to this release if they use the chan_skinny channel driver, or to stop loading it if it is not needed ('noload=>chan_skinny.so' in modules.conf will cause this behavior). --- comms/asterisk/Makefile | 4 ++-- comms/asterisk/distinfo | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'comms/asterisk') diff --git a/comms/asterisk/Makefile b/comms/asterisk/Makefile index 3a0bcc585bc..205c0007dd6 100644 --- a/comms/asterisk/Makefile +++ b/comms/asterisk/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.32 2006/09/13 09:28:35 mjl Exp $ +# $NetBSD: Makefile,v 1.33 2006/10/19 14:02:07 mjl Exp $ -DISTNAME= asterisk-1.2.12.1 +DISTNAME= asterisk-1.2.13 CATEGORIES= comms net audio MASTER_SITES= http://ftp.digium.com/pub/asterisk/ \ http://ftp.digium.com/pub/asterisk/old-releases/ diff --git a/comms/asterisk/distinfo b/comms/asterisk/distinfo index 472ad6ae825..312b3416015 100644 --- a/comms/asterisk/distinfo +++ b/comms/asterisk/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.20 2006/09/16 15:29:35 hira Exp $ +$NetBSD: distinfo,v 1.21 2006/10/19 14:02:07 mjl Exp $ -SHA1 (asterisk-1.2.12.1.tar.gz) = 6352ca330b8fa0ae9eb0816272070a1bce58c93b -RMD160 (asterisk-1.2.12.1.tar.gz) = 9950eea63e03ffd5845f6a34f46680eec5a0a53b -Size (asterisk-1.2.12.1.tar.gz) = 10576676 bytes +SHA1 (asterisk-1.2.13.tar.gz) = d2ec77e08f512a3fa11fd8639a7fe629a46ed242 +RMD160 (asterisk-1.2.13.tar.gz) = 7cf9e00a0697b16891b463345c64a615c30015a3 +Size (asterisk-1.2.13.tar.gz) = 10584113 bytes SHA1 (patch-aa) = e457617cb3fbec6a67971258af145cc25f0ca03e SHA1 (patch-ab) = 1bdae0ff206b63fe63373a307ecd23859c10cb79 SHA1 (patch-ac) = 4f783699c7d701030788646f8b961fa9245dc127 -- cgit v1.2.3