pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/comms/asterisk13 Add fixes for AST-2017-002, AST-2017-...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/024e8d276ec0
branches:  trunk
changeset: 362985:024e8d276ec0
user:      jnemeth <jnemeth%pkgsrc.org@localhost>
date:      Mon May 29 20:52:37 2017 +0000

description:
Add fixes for AST-2017-002, AST-2017-003, and AST-2017-004.  Note
that the first two don't affect pkgsrc as we are using chan_sip
not PJSIP.  The last only affects users of SCCP, which is Cisco's
proprietary protocol.

----- AST-2017-002

A remote crash can be triggered by sending a SIP packet to
Asterisk with a specially crafted CSeq header and a Via
header with no branch parameter. The issue is that the
PJSIP RFC 2543 transaction key generation algorithm does
not allocate a large enough buffer. By overrunning the
buffer, the memory allocation table becomes corrupted,
leading to an eventual crash.

This issue is in PJSIP, and so the issue can be fixed
without performing an upgrade of Asterisk at all. However,
we are releasing a new version of Asterisk with the bundled
PJProject updated to include the fix.

If you are running Asterisk with chan_sip, this issue does
not affect you.

----- AST-2017-003

The multi-part body parser in PJSIP contains a logical
error that can make certain multi-part body parts attempt
to read memory from outside the allowed boundaries. A
specially-crafted packet can trigger these invalid reads
and potentially induce a crash.

The issue is within the PJSIP project and not in Asterisk.
Therefore, the problem can be fixed without upgrading
Asterisk. However, we will be releasing a new version of
Asterisk where the bundled version of PJSIP has been
updated to have the bug patched.

If you are using Asterisk with chan_sip, this issue does
not affect you.

----- AST-2017-004

A remote memory exhaustion can be triggered by sending an
SCCP packet to an Asterisk system with chan_skinny enabled
that is larger than the length of the SCCP header but
smaller than the packet length specified in the header. The
loop that reads the rest of the packet doesn't detect that
the call to read() returned end-of-file before the expected
number of bytes and continues infinitely. The partial
data message logging in that tight loop causes Asterisk to
exhaust all available memory.
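The AST-2017-004 description above is a textbook short-read bug: a loop that reads "the rest of the packet" must treat a zero return from read() as end-of-file, not as "nothing yet", and it must bound the length the header declares before believing it. The following is an added example written for this page, not chan_skinny code from Asterisk; the 4-byte little-endian length framing and the MAX_BODY cap are constructed stand-ins for the real SCCP header, and the sample frames are constructed bytes, not captured traffic.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Outcomes of a framed read. Distinguishing EOF from a short read is the
 * whole point: EOF means the peer is gone and retrying cannot help. */
enum { READ_OK = 0, READ_EOF = -1, READ_ERR = -2, READ_TOOBIG = -3 };

#define MAX_BODY 4096   /* hypothetical upper bound on a body we will buffer */

/* Read exactly `len` bytes into `buf`, or report why that was impossible.
 * read() returning 0 is end-of-file; the faulty pattern the advisory
 * describes treats it like "no data yet" and keeps looping forever. */
static int read_full(int fd, unsigned char *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n == 0)
            return READ_EOF;          /* peer closed with bytes still outstanding */
        if (n < 0) {
            if (errno == EINTR)
                continue;             /* interrupted by a signal: retry is legitimate */
            return READ_ERR;
        }
        got += (size_t)n;
    }
    return READ_OK;
}

/* Read one frame: a 4-byte little-endian body length followed by the body.
 * This framing is a constructed stand-in, not the real SCCP header layout. */
static int read_frame(int fd, unsigned char *body, size_t body_cap, size_t *body_len)
{
    unsigned char hdr[4];
    int rc = read_full(fd, hdr, sizeof hdr);
    if (rc != READ_OK)
        return rc;
    uint32_t declared = (uint32_t)hdr[0] | ((uint32_t)hdr[1] << 8)
                      | ((uint32_t)hdr[2] << 16) | ((uint32_t)hdr[3] << 24);
    /* Bound the declared length before trusting it: the remote peer chose it. */
    if (declared > body_cap)
        return READ_TOOBIG;
    rc = read_full(fd, body, declared);
    if (rc != READ_OK)
        return rc;                    /* log once here if desired, never inside the loop */
    *body_len = declared;
    return READ_OK;
}

/* Feed constructed bytes through a pipe and close the write end, so the
 * reader sees exactly what a peer that hangs up mid-message produces. */
static int parse_bytes(const unsigned char *wire, size_t wire_len, size_t *body_len)
{
    int fds[2];
    unsigned char body[MAX_BODY];
    int rc;

    if (pipe(fds) != 0)
        return READ_ERR;
    if (write(fds[1], wire, wire_len) != (ssize_t)wire_len) {
        close(fds[0]);
        close(fds[1]);
        return READ_ERR;
    }
    close(fds[1]);
    rc = read_frame(fds[0], body, sizeof body, body_len);
    close(fds[0]);
    return rc;
}

/* Constructed sample frames, not captured traffic. */
static const unsigned char frame_complete[]  = { 3, 0, 0, 0, 'a', 'b', 'c' };
static const unsigned char frame_truncated[] = { 8, 0, 0, 0, 'a', 'b', 'c' }; /* header says 8, only 3 follow */
static const unsigned char frame_oversized[] = { 0xff, 0xff, 0xff, 0x7f };    /* ~2 GiB declared */

int demo_complete(void)  { size_t n; return parse_bytes(frame_complete,  sizeof frame_complete,  &n); }
int demo_truncated(void) { size_t n; return parse_bytes(frame_truncated, sizeof frame_truncated, &n); }
int demo_oversized(void) { size_t n; return parse_bytes(frame_oversized, sizeof frame_oversized, &n); }

/* Body length parsed from the complete frame, or -1 on any error. */
int demo_complete_len(void)
{
    size_t n = 0;
    return parse_bytes(frame_complete, sizeof frame_complete, &n) == READ_OK ? (int)n : -1;
}

int main(void)
{
    printf("complete:  %d (body %d bytes)\n", demo_complete(), demo_complete_len());
    printf("truncated: %d\n", demo_truncated());   /* READ_EOF, not an endless loop */
    printf("oversized: %d\n", demo_oversized());   /* READ_TOOBIG before any buffering */
    return 0;
}
```

The truncated frame is the shape the advisory describes (longer than the header, shorter than the declared length): with EOF handled, the reader returns READ_EOF and drops the connection instead of spinning and logging. The oversized frame shows the second check a defender wants, rejecting a declared length before any memory is committed to it.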

diffstat:

 comms/asterisk13/Makefile |   4 ++--
 comms/asterisk13/distinfo |  18 +++++++++---------
 2 files changed, 11 insertions(+), 11 deletions(-)

diffs (42 lines):

diff -r c93f040bfe0d -r 024e8d276ec0 comms/asterisk13/Makefile
--- a/comms/asterisk13/Makefile Mon May 29 18:56:49 2017 +0000
+++ b/comms/asterisk13/Makefile Mon May 29 20:52:37 2017 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.26 2017/05/13 22:39:13 jnemeth Exp $
+# $NetBSD: Makefile,v 1.27 2017/05/29 20:52:37 jnemeth Exp $
 #
 # NOTE: when updating this package, there are two places that sound
 #       tarballs need to be checked; look in ${WRKSRC}/sounds/Makefile
 #       to find out the current sound file versions
 
-DISTNAME=      asterisk-13.15.0
+DISTNAME=      asterisk-13.15.1
 #PKGREVISION=  4
 CATEGORIES=    comms net audio
 MASTER_SITES=  http://downloads.asterisk.org/pub/telephony/asterisk/
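Review bot: MASTER_SITES still points at plain http://downloads.asterisk.org/, so the fetch of asterisk-13.15.1 is protected only by the distinfo digests recorded in the next hunk; if the upstream host serves the same path over https://, switching the scheme gives transport integrity as well, so a tampered mirror is caught before checksum comparison rather than only by it. The DISTNAME bump to 13.15.1 with PKGREVISION left commented out is correct for a new upstream version.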
diff -r c93f040bfe0d -r 024e8d276ec0 comms/asterisk13/distinfo
--- a/comms/asterisk13/distinfo Mon May 29 18:56:49 2017 +0000
+++ b/comms/asterisk13/distinfo Mon May 29 20:52:37 2017 +0000
@@ -1,13 +1,13 @@
-$NetBSD: distinfo,v 1.12 2017/05/13 22:39:13 jnemeth Exp $
+$NetBSD: distinfo,v 1.13 2017/05/29 20:52:37 jnemeth Exp $
 
-SHA1 (asterisk-13.15.0/asterisk-13.15.0.tar.gz) = 6095d1456a8f10c67caaba266268caac61304c93
-RMD160 (asterisk-13.15.0/asterisk-13.15.0.tar.gz) = 374378224081f554e78195a139908f73d47d2321
-SHA512 (asterisk-13.15.0/asterisk-13.15.0.tar.gz) = 1015cc61e2fafb9f636970538cf3680af8f26b46d62dc24c6cdd8050f6b5e7db024cd1bb9e512771f9f88316d9d0695e294cb6173d47e0e8e89d06baa010dd47
-Size (asterisk-13.15.0/asterisk-13.15.0.tar.gz) = 32851716 bytes
-SHA1 (asterisk-13.15.0/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = 831ae6442e23cbef1e7d1c84798778ad0b0524d1
-RMD160 (asterisk-13.15.0/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = d52df795201c53fc4cd7d99ed41516e312f6f0f3
-SHA512 (asterisk-13.15.0/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = c7d3c3fd2c854e6776801312d34bf69bbed78a443c16121637f508c5275f18b1d415cbb6e4f6f8c5aa3769cbbfa1a11485b9972053777f3ac39256c2c81729f1
-Size (asterisk-13.15.0/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = 4256538 bytes
+SHA1 (asterisk-13.15.1/asterisk-13.15.1.tar.gz) = f7d32a31e5a45624a38f9604ac8e434c6b0ecd7c
+RMD160 (asterisk-13.15.1/asterisk-13.15.1.tar.gz) = c89f27ab4362ee64cad4376e96eb4ede630a2de1
+SHA512 (asterisk-13.15.1/asterisk-13.15.1.tar.gz) = 2ee19853431b890c988b69e03604b0d39b9764a93074c22a9975bde7d6f432582a00c2e841be6c6fd5f86fab338b9e717d4a7912e4fbac5034cb7a0dcf3b2337
+Size (asterisk-13.15.1/asterisk-13.15.1.tar.gz) = 32828857 bytes
+SHA1 (asterisk-13.15.1/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = 831ae6442e23cbef1e7d1c84798778ad0b0524d1
+RMD160 (asterisk-13.15.1/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = d52df795201c53fc4cd7d99ed41516e312f6f0f3
+SHA512 (asterisk-13.15.1/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = c7d3c3fd2c854e6776801312d34bf69bbed78a443c16121637f508c5275f18b1d415cbb6e4f6f8c5aa3769cbbfa1a11485b9972053777f3ac39256c2c81729f1
+Size (asterisk-13.15.1/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = 4256538 bytes
 SHA1 (patch-Makefile) = 1373ea4cfab46f701cef0f5c61a6a1604e710bf5
 SHA1 (patch-addons_chan__ooh323.c) = 9cba619ced6a4449604faebeac33d91a23519c48
 SHA1 (patch-apps_app__dumpchan.c) = 127ac02bdc180ad2334cd095aa6e646feb6fba10
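Review bot: the SHA1/RMD160/SHA512 and Size lines for asterisk-13.15.1.tar.gz are new values that cannot be checked from this diff, and the commit message does not say how they were obtained; it should state that they come from a fresh upstream fetch compared against the checksums upstream publishes for the release, so a distinfo entry is never just whatever one download happened to return. The asterisk-extra-sounds-en-gsm-1.5 entries change only in their directory prefix with identical digests and size, which is consistent with the Makefile header's instruction to check sound tarball versions on each update.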


