Package: asterisk / 1:13.14.1~dfsg-2+deb9u4

Metadata

Package: asterisk
Version: 1:13.14.1~dfsg-2+deb9u4
Patches format: 3.0 (quilt)

Patch series

Each entry lists the patch file, its per-file delta (total lines changed, then lines added +, removed -, and modified !), and the patch description where the patch carries one.
AST 2018 004 13.diff

res/res_pjsip_pubsub.c | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

---
AST 2018 005 13.diff

CHANGES | 7 7 + 0 - 0 !
res/res_pjsip.c | 14 13 + 1 - 0 !
res/res_pjsip/include/res_pjsip_private.h | 28 28 + 0 - 0 !
res/res_pjsip/pjsip_distributor.c | 8 6 + 2 - 0 !
res/res_pjsip/pjsip_transport_management.c | 394 394 + 0 - 0 !
res/res_pjsip_session.c | 8 6 + 2 - 0 !
res/res_pjsip_transport_management.c | 418 0 + 418 - 0 !
7 files changed, 454 insertions(+), 423 deletions(-)

---
AST 2018 008 13.18.diff

res/res_pjsip/pjsip_distributor.c | 38 30 + 8 - 0 !
1 file changed, 30 insertions(+), 8 deletions(-)

[patch] ast-2018-008: fix enumeration of endpoints from acl rejected addresses.

When endpoint specific ACL rules block a SIP request they respond with a
403 forbidden.  However, if an endpoint is not identified then a 401
unauthorized response is sent.  This vulnerability just discloses which
requests hit a defined endpoint.  The ACL rules cannot be bypassed to gain
access to the disclosed endpoints.

* Made endpoint specific ACL rules now respond with a 401 unauthorized
which is the same as if an endpoint were not identified.  The fix is
accomplished by replacing the found endpoint with the artificial endpoint
which always fails authentication.

ASTERISK-27818

---
AST 2018 009 13.diff

res/res_http_websocket.c | 25 14 + 11 - 0 !
1 file changed, 14 insertions(+), 11 deletions(-)

[patch] ast-2018-009: fix crash processing websocket http upgrade requests

The HTTP request processing in res_http_websocket allocates additional
space on the stack for various headers received during an Upgrade request.
An attacker could send a specially crafted request that causes this code
to overflow the stack, resulting in a crash.

* No longer allocate memory from the stack in a loop to parse the header
values.  NOTE: There is a slight API change when using the passed in
strings as is.  We now require the passed in strings to no longer have
leading or trailing whitespace.  This isn't a problem as the only callers
have already done this before passing the strings to the affected
function.

ASTERISK-28013 #close