Package: asterisk / 1:13.14.1~dfsg-2+deb9u4
Metadata
| Package | Version | Patches format |
|---|---|---|
| asterisk | 1:13.14.1~dfsg-2+deb9u4 | 3.0 (quilt) |
Patch series
| Patch | File delta (lines: added+ removed- modified!) | Description |
|---|---|---|
| AST 2018 004 13.diff | res/res_pjsip_pubsub.c (5: 3+ 2- 0!) | (none) |
| AST 2018 005 13.diff | CHANGES (7: 7+ 0- 0!) | (none) |
| AST 2018 008 13.18.diff | res/res_pjsip/pjsip_distributor.c (38: 30+ 8- 0!) | [patch] ast-2018-008: fix enumeration of endpoints from acl rejected addresses. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints. * Made endpoint specific ACL rules now respond with a 401 unauthorized, which is the same as if an endpoint were not identified. The fix is accomplished by replacing the found endpoint with the artificial endpoint which always fails authentication. ASTERISK-27818 |
| AST 2018 009 13.diff | res/res_http_websocket.c (25: 14+ 11- 0!) | [patch] ast-2018-009: fix crash processing websocket http upgrade requests. The HTTP request processing in res_http_websocket allocates additional space on the stack for various headers received during an Upgrade request. An attacker could send a specially crafted request that causes this code to overflow the stack, resulting in a crash. * No longer allocate memory from the stack in a loop to parse the header values. NOTE: There is a slight API change when using the passed in strings as is. We now require the passed in strings to no longer have leading or trailing whitespace. This isn't a problem as the only callers have already done this before passing the strings to the affected function. ASTERISK-28013 #close |
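The stack-allocation-in-a-loop pattern that the ast-2018-009 description refers to, placed beside a bounded parser, as an added example: this is not the Asterisk code or the Debian patch, and the function names, the MAX_HEADERS / MAX_VALUE limits and the sample Upgrade request are all assumptions made here for illustration.

```c
/* Added illustration, not code from Asterisk or the Debian patch: the pattern
 * the AST-2018-009 note describes (stack space taken inside the header loop)
 * beside a parser with a fixed footprint. Names are hypothetical; SAMPLE_REQ
 * is constructed, not captured traffic. */
#include <alloca.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define MAX_HEADERS 32   /* cap on header lines per request */
#define MAX_VALUE   256  /* cap on one trimmed header value */
struct header { char name[64]; char value[MAX_VALUE]; };

/* Copy s[0..len) into dst minus surrounding whitespace; -1 if it won't fit. */
static int copy_trimmed(char *dst, size_t dstsz, const char *s, size_t len)
{
    while (len && isspace((unsigned char)s[0])) { s++; len--; }
    while (len && isspace((unsigned char)s[len - 1])) len--;
    if (len >= dstsz) return -1;
    memcpy(dst, s, len); dst[len] = '\0';
    return 0;
}

/* Split "Name: value" into h; -1 when there is no colon or a part overflows. */
static int split_line(const char *line, size_t len, struct header *h)
{
    const char *colon = memchr(line, ':', len);
    size_t nlen = colon ? (size_t)(colon - line) : 0;
    if (!colon || copy_trimmed(h->name, sizeof h->name, line, nlen)) return -1;
    return copy_trimmed(h->value, sizeof h->value, colon + 1, len - nlen - 1);
}

/* VULNERABLE PATTERN: alloca() in the loop. Every chunk lives until return, so
 * the frame grows with each line the peer sends; only the guard page stops it. */
static int count_headers_alloca(const char *req)
{
    int n = 0;                                /* "Name: value" lines seen */
    while (*req) {
        const char *eol = strchr(req, '\n');
        size_t len = eol ? (size_t)(eol - req) : strlen(req);
        char *copy = alloca(len + 1);          /* not released before return */
        memcpy(copy, req, len); copy[len] = '\0';
        if (strchr(copy, ':')) n++;
        req = eol ? eol + 1 : req + len;
    }
    return n;
}

/* HARDENED: trim into a caller-supplied fixed array; storage per header is fixed
 * at compile time and the count is capped, so stack use no longer depends on the
 * request. Returns the header count, or -1 for a malformed/over-limit request. */
static int parse_headers(const char *req, struct header *out, int max)
{
    int n = 0;
    const char *eol = strchr(req, '\n');      /* end of the request line */
    if (!eol) return -1;
    for (req = eol + 1; *req && (eol = strchr(req, '\n')); req = eol + 1) {
        size_t len = (size_t)(eol - req);
        if (len == 0 || (len == 1 && req[0] == '\r')) break;   /* blank line */
        if (n == max || split_line(req, len, &out[n]) != 0) return -1;
        n++;
    }
    return n;
}

/* Constructed sample Upgrade request. */
static const char SAMPLE_REQ[] =
    "GET /ws HTTP/1.1\r\n"
    "Host: pbx.example\r\n"
    "Upgrade:   websocket  \r\n"
    "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
    "Sec-WebSocket-Version: 13\r\n"
    "\r\n";

/* Hardened parse of SAMPLE_REQ, then exact-name lookup; NULL if absent. */
static const char *sample_header(const char *name)
{
    static struct header hdrs[MAX_HEADERS];
    int n = parse_headers(SAMPLE_REQ, hdrs, MAX_HEADERS);
    for (int i = 0; i < n; i++)
        if (strcmp(hdrs[i].name, name) == 0) return hdrs[i].value;
    return NULL;
}

/* Feed `lines` "X-Pad: aaa..." headers with `value_len`-byte values to the
 * hardened parser: the caps fire instead of the stack growing. */
static int parse_flood(int lines, size_t value_len)
{
    static char buf[64 * 1024]; static struct header hdrs[MAX_HEADERS];
    size_t pos = (size_t)snprintf(buf, sizeof buf, "GET /ws HTTP/1.1\r\n");
    for (int i = 0; i < lines; i++) {
        if (pos + value_len + 16 >= sizeof buf) return -1;
        pos += (size_t)snprintf(buf + pos, sizeof buf - pos, "X-Pad: ");
        memset(buf + pos, 'a', value_len); pos += value_len;
        pos += (size_t)snprintf(buf + pos, sizeof buf - pos, "\r\n");
    }
    snprintf(buf + pos, sizeof buf - pos, "\r\n");
    return parse_headers(buf, hdrs, MAX_HEADERS);
}
```

Call the three entry points from a main() or a test harness: `count_headers_alloca(SAMPLE_REQ)` and `sample_header("Upgrade")` agree on the small request, while `parse_flood(33, 100)` and `parse_flood(1, 300)` return -1 because the header count and the trimmed value length are checked against compile-time limits before anything is copied. The alloca() variant is kept on purpose: nothing in it bounds how much frame a single request can consume, which is the failure mode the patch note describes. Unlike the Asterisk change, which shifted the whitespace-trimming requirement onto the callers, this parser trims inside `copy_trimmed`, so both conventions are visible in one place.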
