Package: asterisk / 1:1.6.2.9-2+squeeze12

Metadata

Package: asterisk
Version: 1:1.6.2.9-2+squeeze12
Patches format: 3.0 (quilt)

Patch series

For each patch: name, file delta (diffstat), description.
Patch: AST 2012 013

channels/chan_iax2.c | 11 6 + 5 - 0 !
1 file changed, 6 insertions(+), 5 deletions(-)

Description: ast-2012-013: acl rules ignored during calls by some iax2 peers
Patch: AST 2012 014

channels/chan_sip.c | 3 2 + 1 - 0 !
main/http.c | 9 7 + 2 - 0 !
2 files changed, 9 insertions(+), 3 deletions(-)

Description: resolve crashes due to large stack allocations when using tcp
Patch: AST 2012 015

apps/app_meetme.c | 16 8 + 8 - 0 !
channels/chan_agent.c | 18 9 + 9 - 0 !
channels/chan_dahdi.c | 2 1 + 1 - 0 !
channels/chan_iax2.c | 31 18 + 13 - 0 !
channels/chan_local.c | 3 3 + 0 - 0 !
channels/chan_sip.c | 16 10 + 6 - 0 !
channels/chan_skinny.c | 16 8 + 8 - 0 !
funcs/func_devstate.c | 6 3 + 3 - 0 !
include/asterisk/channel.h | 6 6 + 0 - 0 !
include/asterisk/devicestate.h | 16 13 + 3 - 0 !
include/asterisk/event_defs.h | 8 7 + 1 - 0 !
main/channel.c | 6 4 + 2 - 0 !
main/devicestate.c | 51 33 + 18 - 0 !
main/event.c | 1 1 + 0 - 0 !
main/features.c | 2 1 + 1 - 0 !
15 files changed, 125 insertions(+), 73 deletions(-)

Description: prevent exhaustion of system resources through exploitation of event cache
CVE: CVE-2012-5977
Patch: AST 2013 004

channels/chan_sip.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

Description: ast-2013-004: fix crash when handling ack on dialog that has no channel
Bug: https://issues.asterisk.org/jira/browse/ASTERISK-21064
CVE: CVE-2013-5641
Patch: AST 2013 005

channels/chan_sip.c | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

Description: ast-2013-005: fix crash caused by invalid sdp
Bug: https://issues.asterisk.org/jira/browse/ASTERISK-22007
CVE: CVE-2013-5642
Patch: AST 2013 006

apps/app_sms.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

Description: app_sms: buffer overflow when receiving odd-length 16-bit message
Patch: ASTERISK 20658

funcs/func_realtime.c | 17 17 + 0 - 0 !
main/config.c | 11 11 + 0 - 0 !
2 files changed, 28 insertions(+)

Description: prevent crashes from occurring when reading from data sources with large values

When reading configuration data from an Asterisk .conf file or when pulling
data from an Asterisk RealTime backend, Asterisk was copying the data on the
stack for manipulation. Unfortunately, it is possible to read configuration
data or realtime data from some data source that provides a large blob of
characters. This could potentially cause a crash via a stack overflow.

This patch prevents large sets of data from being read from an ARA backend or
from an Asterisk conf file.

Reported by: wdoekes
Tested by: wdoekes, mmichelson
patches:
 * issueA20658_dont_process_overlong_config_lines.patch uploaded by wdoekes (license 5674)
 * issueA20658_func_realtime_limit.patch uploaded by wdoekes (license 5674)

Patch: AST 2013 007

README-SERIOUSLY.bestpractices.txt | 24 24 + 0 - 0 !
UPGRADE.txt | 9 9 + 0 - 0 !
funcs/func_db.c | 20 19 + 1 - 0 !
funcs/func_env.c | 14 12 + 2 - 0 !
funcs/func_lock.c | 21 18 + 3 - 0 !
funcs/func_realtime.c | 60 40 + 20 - 0 !
funcs/func_shell.c | 19 12 + 7 - 0 !
include/asterisk/pbx.h | 54 54 + 0 - 0 !
main/asterisk.c | 5 5 + 0 - 0 !
main/pbx.c | 252 249 + 3 - 0 !
main/tcptls.c | 11 11 + 0 - 0 !
11 files changed, 453 insertions(+), 36 deletions(-)

Description: inhibit execution of privilege escalating functions