This update fixes AST-2011-013 and AST-2011-014. It also adapts to changes

in the iLBC codec files.

     __________________________________________________________________

               Asterisk Project Security Advisory - AST-2011-013

         Product        Asterisk
         Summary        Possible remote enumeration of SIP endpoints with
                        differing NAT settings
    Nature of Advisory  Unauthorized data disclosure
      Susceptibility    Remote unauthenticated sessions
         Severity       Minor
      Exploits Known    Yes
       Reported On      2011-07-18
       Reported By      Ben Williams
        Posted On
     Last Updated On    December 7, 2011
     Advisory Contact   Terry Wilson <twilson at digium.com>

         CVE Name

    Description  It is possible to enumerate SIP usernames when the general
                 and user/peer NAT settings differ in whether to respond to
                 the port a request is sent from or the port listed for
                 responses in the Via header. In 1.4 and 1.6.2, this would
                 mean if one setting was nat=yes or nat=route and the other
                 was either nat=no or nat=never. In 1.8 and 10, this would
                 mean when one was nat=force_rport or nat=yes and the other
                 was nat=no or nat=comedia.

    Resolution  Handling NAT for SIP over UDP requires the differing
                behavior introduced by these options.

                To lessen the frequency of unintended username disclosure,
                the default NAT setting was changed to always respond to the
                port from which we received the request-the most commonly
                used option.

                Warnings were added on startup to inform administrators of
                the risks of having a SIP peer configured with a different
                setting than that of the general setting. The documentation
                now strongly suggests that peers are no longer configured
                for NAT individually, but through the global setting in the
                "general" context.

                               Affected Versions
                Product              Release Series
         Asterisk Open Source             All        All versions

                                  Corrected In
     As this is more of an issue with SIP over UDP in general, there is no
     fix supplied other than documentation on how to avoid the problem. The
        default NAT setting has been changed to what we believe the most
      commonly used setting for the respective version in Asterisk 1.4.43,
                             1.6.2.21, and 1.8.7.2.

            Links

    Asterisk Project Security Advisories are posted at
    http://www.asterisk.org/security

    This document may be superseded by later versions; if so, the latest
    version will be posted at
    http://downloads.digium.com/pub/security/AST-2011-013.pdf and
    http://downloads.digium.com/pub/security/AST-2011-013.html

                                Revision History
           Date                 Editor                 Revisions Made

               Asterisk Project Security Advisory - AST-2011-013
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.

     __________________________________________________________________

               Asterisk Project Security Advisory - AST-2011-014

         Product        Asterisk
         Summary        Remote crash possibility with SIP and the "automon"
                        feature enabled
    Nature of Advisory  Remote crash vulnerability in a feature that is
                        disabled by default
      Susceptibility    Remote unauthenticated sessions
         Severity       Moderate
      Exploits Known    Yes
       Reported On      November 2, 2011
       Reported By      Kristijan Vrban
        Posted On       2011-11-03
     Last Updated On    December 7, 2011
     Advisory Contact   Terry Wilson <twilson at digium.com>

         CVE Name

    Description  When the "automon" feature is enabled in features.conf, it
                 is possible to send a sequence of SIP requests that cause
                 Asterisk to dereference a NULL pointer and crash.

    Resolution  Applying the referenced patches that check that the pointer
                is not NULL before accessing it will resolve the issue. The
                "automon" feature can be disabled in features.conf as a
                workaround.

                               Affected Versions
                Product              Release Series
         Asterisk Open Source           1.6.2.x      All versions
         Asterisk Open Source            1.8.x       All versions

                                  Corrected In
                   Product                              Release
            Asterisk Open Source                   1.6.2.21, 1.8.7.2

                                     Patches
                              Download URL                            Revision
   http://downloads.asterisk.org/pub/security/AST-2011-014-1.6.2.diff 1.6.2.20
   http://downloads.asterisk.org/pub/security/AST-2011-014-1.8.diff   1.8.7.1

            Links

    Asterisk Project Security Advisories are posted at
    http://www.asterisk.org/security

    This document may be superseded by later versions; if so, the latest
    version will be posted at
    http://downloads.digium.com/pub/security/AST-2011-014.pdf and
    http://downloads.digium.com/pub/security/AST-2011-014.html

                                Revision History
           Date                 Editor                 Revisions Made

               Asterisk Project Security Advisory - AST-2011-014
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.
This commit is contained in:
jnemeth 2011-12-12 05:05:33 +00:00
parent b58c786ac2
commit 2e4af05973
3 changed files with 21 additions and 22 deletions

View file

@ -1,10 +1,9 @@
# $NetBSD: Makefile,v 1.34 2011/12/05 04:18:32 jnemeth Exp $
# $NetBSD: Makefile,v 1.35 2011/12/12 05:05:33 jnemeth Exp $
#
# NOTE: when updating this package, there are two places that sound
# tarballs need to be checked
DISTNAME= asterisk-1.6.2.19
PKGREVISION= 2
DISTNAME= asterisk-1.6.2.21
DIST_SUBDIR= ${PKGNAME_NOREV}
DISTFILES= ${DEFAULT_DISTFILES}
EXTRACT_ONLY= ${DISTNAME}.tar.gz

View file

@ -1,17 +1,17 @@
$NetBSD: distinfo,v 1.22 2011/07/05 08:34:47 jnemeth Exp $
$NetBSD: distinfo,v 1.23 2011/12/12 05:05:34 jnemeth Exp $
SHA1 (asterisk-1.6.2.19/asterisk-1.6.2.19.tar.gz) = a81b426fa5146696abfdacd171f31f48aa976eb7
RMD160 (asterisk-1.6.2.19/asterisk-1.6.2.19.tar.gz) = 89710872034d9ebaa54d66ed0d7f5f6724caa780
Size (asterisk-1.6.2.19/asterisk-1.6.2.19.tar.gz) = 23818324 bytes
SHA1 (asterisk-1.6.2.19/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
RMD160 (asterisk-1.6.2.19/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
Size (asterisk-1.6.2.19/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
SHA1 (asterisk-1.6.2.19/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8
RMD160 (asterisk-1.6.2.19/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4
Size (asterisk-1.6.2.19/extract-cfile.awk) = 667 bytes
SHA1 (asterisk-1.6.2.19/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
RMD160 (asterisk-1.6.2.19/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
Size (asterisk-1.6.2.19/rfc3951.txt) = 373442 bytes
SHA1 (asterisk-1.6.2.21/asterisk-1.6.2.21.tar.gz) = 6b7e6868a826d45234c537763d5d20cb0ffc6f97
RMD160 (asterisk-1.6.2.21/asterisk-1.6.2.21.tar.gz) = c7e326c69b2e7951477ef8a22f74ccda012eef74
Size (asterisk-1.6.2.21/asterisk-1.6.2.21.tar.gz) = 23807382 bytes
SHA1 (asterisk-1.6.2.21/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
RMD160 (asterisk-1.6.2.21/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
Size (asterisk-1.6.2.21/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
SHA1 (asterisk-1.6.2.21/extract-cfile.txt) = b22874814c83a53bcd1a8d96b5911304f304971e
RMD160 (asterisk-1.6.2.21/extract-cfile.txt) = e7205fe7e95793f3ca6e384edeef1ad5713485e0
Size (asterisk-1.6.2.21/extract-cfile.txt) = 643 bytes
SHA1 (asterisk-1.6.2.21/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
RMD160 (asterisk-1.6.2.21/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
Size (asterisk-1.6.2.21/rfc3951.txt) = 373442 bytes
SHA1 (patch-aa) = 8c2a3c75adff34474c8f416bcea5842e771e4631
SHA1 (patch-af) = 09860d714281cb4c65d1a087cf5b16647a16e2fa
SHA1 (patch-ag) = c71c61350cefbbe53eefa99245ca7712753f22d5

View file

@ -1,4 +1,4 @@
# $NetBSD: options.mk,v 1.11 2011/10/11 03:15:50 jnemeth Exp $
# $NetBSD: options.mk,v 1.12 2011/12/12 05:05:34 jnemeth Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.asterisk
PKG_SUPPORTED_OPTIONS= zaptel x11 unixodbc ilbc webvmail ldap
@ -44,9 +44,9 @@ CONFIGURE_ARGS+= --without-odbc
.if !empty(PKG_OPTIONS:Milbc)
DISTFILES+= rfc3951.txt
SITES.rfc3951.txt= http://www.ietf.org/rfc/
DISTFILES+= extract-cfile.awk
SITES.extract-cfile.awk= http://www.ilbcfreeware.org/documentation/
USE_TOOLS+= awk
DISTFILES+= extract-cfile.txt
SITES.extract-cfile.txt= http://www.ilbcfreeware.org/documentation/
USE_TOOLS+= awk tr
PLIST.ilbc= yes
.endif
@ -72,8 +72,8 @@ post-configure:
post-extract:
.if !empty(PKG_OPTIONS:Milbc)
cp ${DISTDIR}/${DIST_SUBDIR}/rfc3951.txt ${WRKSRC}/codecs/ilbc
cp ${DISTDIR}/${DIST_SUBDIR}/extract-cfile.awk ${WRKSRC}/codecs/ilbc
cd ${WRKSRC}/codecs/ilbc && ${AWK} -f extract-cfile.awk < rfc3951.txt
cp ${DISTDIR}/${DIST_SUBDIR}/extract-cfile.txt ${WRKSRC}/codecs/ilbc
cd ${WRKSRC}/codecs/ilbc && ${TR} -d '\r' < extract-cfile.txt | ${AWK} -f - rfc3951.txt
.endif
.if !empty(PKG_OPTIONS:Mwebvmail)