All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH] asterisk: security bump to version 14.7.6
@ 2018-02-23  8:37 Peter Korsgaard
  2018-02-25 21:19 ` Thomas Petazzoni
  0 siblings, 1 reply; 2+ messages in thread
From: Peter Korsgaard @ 2018-02-23  8:37 UTC (permalink / raw)
  To: buildroot

Fixes the following security issues:

AST-2018-002: Crash when given an invalid SDP media format description

By crafting an SDP message with an invalid media format description Asterisk
crashes when using the pjsip channel driver because pjproject's sdp parsing
algorithm fails to catch the invalid media format description.

AST-2018-003: Crash with an invalid SDP fmtp attribute

By crafting an SDP message body with an invalid fmtp attribute Asterisk
crashes when using the pjsip channel driver because pjproject's fmtp
retrieval function fails to check if fmtp value is empty (set empty if
previously parsed as invalid).

AST-2018-004: Crash when receiving SUBSCRIBE request

When processing a SUBSCRIBE request the res_pjsip_pubsub  module stores the
accepted formats present in the Accept headers of the request.  This code
did not limit the number of headers it processed despite having a fixed
limit of 32.  If more than 32 Accept headers were present the code would
write outside of its memory and cause a crash.

AST-2018-005: Crash when large numbers of TCP connections are closed suddenly

A crash occurs when a number of authenticated INVITE messages are sent over
TCP or TLS and then the connection is suddenly closed.  This issue leads to
a segmentation fault.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/asterisk/asterisk.hash | 2 +-
 package/asterisk/asterisk.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/asterisk/asterisk.hash b/package/asterisk/asterisk.hash
index f537c2df66..a3e9d10aff 100644
--- a/package/asterisk/asterisk.hash
+++ b/package/asterisk/asterisk.hash
@@ -1,5 +1,5 @@
 # Locally computed
-sha256  6525170fa16fecb08cb3cde2c1bd5d3140df55b14e4561ac0771fbd1e04b3b75  asterisk-14.7.5.tar.gz
+sha256  249cf223ef4dd7aea01f0d250a6b9cad661ebd78910c73adb7f59c1c46f9fed8  asterisk-14.7.6.tar.gz
 
 # sha1 from: http://downloads.asterisk.org/pub/telephony/sounds/releases
 # sha256 locally computed
diff --git a/package/asterisk/asterisk.mk b/package/asterisk/asterisk.mk
index fc9a961c89..f14c008111 100644
--- a/package/asterisk/asterisk.mk
+++ b/package/asterisk/asterisk.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-ASTERISK_VERSION = 14.7.5
+ASTERISK_VERSION = 14.7.6
 # Use the github mirror: it's an official mirror maintained by Digium, and
 # provides tarballs, which the main Asterisk git tree (behind Gerrit) does not.
 ASTERISK_SITE = $(call github,asterisk,asterisk,$(ASTERISK_VERSION))
-- 
2.11.0

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* [Buildroot] [PATCH] asterisk: security bump to version 14.7.6
  2018-02-23  8:37 [Buildroot] [PATCH] asterisk: security bump to version 14.7.6 Peter Korsgaard
@ 2018-02-25 21:19 ` Thomas Petazzoni
  0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni @ 2018-02-25 21:19 UTC (permalink / raw)
  To: buildroot

Hello,

On Fri, 23 Feb 2018 09:37:10 +0100, Peter Korsgaard wrote:
> Fixes the following security issues:
> 
> AST-2018-002: Crash when given an invalid SDP media format description
> 
> By crafting an SDP message with an invalid media format description Asterisk
> crashes when using the pjsip channel driver because pjproject's sdp parsing
> algorithm fails to catch the invalid media format description.
> 
> AST-2018-003: Crash with an invalid SDP fmtp attribute
> 
> By crafting an SDP message body with an invalid fmtp attribute Asterisk
> crashes when using the pjsip channel driver because pjproject's fmtp
> retrieval function fails to check if fmtp value is empty (set empty if
> previously parsed as invalid).
> 
> AST-2018-004: Crash when receiving SUBSCRIBE request
> 
> When processing a SUBSCRIBE request the res_pjsip_pubsub  module stores the
> accepted formats present in the Accept headers of the request.  This code
> did not limit the number of headers it processed despite having a fixed
> limit of 32.  If more than 32 Accept headers were present the code would
> write outside of its memory and cause a crash.
> 
> AST-2018-005: Crash when large numbers of TCP connections are closed suddenly
> 
> A crash occurs when a number of authenticated INVITE messages are sent over
> TCP or TLS and then the connection is suddenly closed.  This issue leads to
> a segmentation fault.
> 
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
>  package/asterisk/asterisk.hash | 2 +-
>  package/asterisk/asterisk.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-02-25 21:19 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-02-23  8:37 [Buildroot] [PATCH] asterisk: security bump to version 14.7.6 Peter Korsgaard
2018-02-25 21:19 ` Thomas Petazzoni

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.