kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/comms/asterisk18
History
jnemeth 125c097b80 Update to Asterisk 1.8.4.4 (fixes AST-2011-011): 
Asterisk Project Security Advisory - AST-2011-011

   +------------------------------------------------------------------------+
   |      Product       | Asterisk                                          |
   |--------------------+---------------------------------------------------|
   |      Summary       | Possible enumeration of SIP users due to          |
   |                    | differing authentication responses                |
   |--------------------+---------------------------------------------------|
   | Nature of Advisory | Unauthorized data disclosure                      |
   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote unauthenticated sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Moderate                                          |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |      CVE Name      | CVE-2011-2536                                     |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Description | Asterisk may respond differently to SIP requests from an |
   |             | invalid SIP user than it does to a user configured on    |
   |             | the system, even when the alwaysauthreject option is set |
   |             | in the configuration. This can leak information about    |
   |             | what SIP users are valid on the Asterisk system.         |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | Respond to SIP requests from invalid and valid SIP users  |
   |            | in the same way. Asterisk 1.4 and 1.6.2 do not respond    |
   |            | identically by default due to backward-compatibility      |
   |            | reasons, and must have alwaysauthreject=yes set in        |
   |            | sip.conf. Asterisk 1.8 defaults to alwaysauthreject=yes.  |
   |            |                                                           |
   |            | IT IS ABSOLUTELY IMPERATIVE that users of Asterisk 1.4    |
   |            | and 1.6.2 set alwaysauthreject=yes in the general section |
   |            | of sip.conf.                                              |
   +------------------------------------------------------------------------+
2011-07-05 08:42:56 +00:00
..
files
patches Upgrade to 1.8.4.2. This fixes several security issues including: 2011-06-09 09:17:27 +00:00
DESCR
distinfo Update to Asterisk 1.8.4.4 (fixes AST-2011-011): 2011-07-05 08:42:56 +00:00
Makefile Update to Asterisk 1.8.4.4 (fixes AST-2011-011): 2011-07-05 08:42:56 +00:00
MESSAGE
options.mk Add a spandsp option which pulls in comms/spandsp and links against it 2011-02-06 08:30:17 +00:00
PLIST Update to Asterisk 1.8.4.4 (fixes AST-2011-011): 2011-07-05 08:42:56 +00:00