Update to Asterisk 1.8.4.4 (fixes AST-2011-011):
Asterisk Project Security Advisory - AST-2011-011
+------------------------------------------------------------------------+
| Product | Asterisk |
|--------------------+---------------------------------------------------|
| Summary | Possible enumeration of SIP users due to |
| | differing authentication responses |
|--------------------+---------------------------------------------------|
| Nature of Advisory | Unauthorized data disclosure |
|--------------------+---------------------------------------------------|
| Susceptibility | Remote unauthenticated sessions |
|--------------------+---------------------------------------------------|
| Severity | Moderate |
|--------------------+---------------------------------------------------|
| Exploits Known | No |
|--------------------+---------------------------------------------------|
| CVE Name | CVE-2011-2536 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | Asterisk may respond differently to SIP requests from an |
| | invalid SIP user than it does to a user configured on |
| | the system, even when the alwaysauthreject option is set |
| | in the configuration. This can leak information about |
| | what SIP users are valid on the Asterisk system. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | Respond to SIP requests from invalid and valid SIP users |
| | in the same way. Asterisk 1.4 and 1.6.2 do not respond |
| | identically by default due to backward-compatibility |
| | reasons, and must have alwaysauthreject=yes set in |
| | sip.conf. Asterisk 1.8 defaults to alwaysauthreject=yes. |
| | |
| | IT IS ABSOLUTELY IMPERATIVE that users of Asterisk 1.4 |
| | and 1.6.2 set alwaysauthreject=yes in the general section |
| | of sip.conf. |
+------------------------------------------------------------------------+
(jnemeth)
diff -r1.9 -r1.10 pkgsrc/comms/asterisk18/Makefile| @@ -1,19 +1,19 @@ | @@ -1,19 +1,19 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.9 2011/06/09 09:17:27 jnemeth Exp $ | 1 | # $NetBSD: Makefile,v 1.10 2011/07/05 08:42:56 jnemeth Exp $ | |
| 2 | # | 2 | # | |
| 3 | # NOTE: when updating this package, there are two places that sound | 3 | # NOTE: when updating this package, there are two places that sound | |
| 4 | # tarballs need to be checked | 4 | # tarballs need to be checked | |
| 5 | 5 | |||
| 6 | DISTNAME= asterisk-1.8.4.2 | 6 | DISTNAME= asterisk-1.8.4.4 | |
| 7 | DIST_SUBDIR= ${PKGNAME_NOREV} | 7 | DIST_SUBDIR= ${PKGNAME_NOREV} | |
| 8 | DISTFILES= ${DEFAULT_DISTFILES} | 8 | DISTFILES= ${DEFAULT_DISTFILES} | |
| 9 | EXTRACT_ONLY= ${DISTNAME}.tar.gz | 9 | EXTRACT_ONLY= ${DISTNAME}.tar.gz | |
| 10 | CATEGORIES= comms net audio | 10 | CATEGORIES= comms net audio | |
| 11 | MASTER_SITES= http://downloads.asterisk.org/pub/telephony/asterisk/ \ | 11 | MASTER_SITES= http://downloads.asterisk.org/pub/telephony/asterisk/ \ | |
| 12 | http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \ | 12 | http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \ | |
| 13 | http://downloads.asterisk.org/pub/telephony/sounds/releases/ | 13 | http://downloads.asterisk.org/pub/telephony/sounds/releases/ | |
| 14 | 14 | |||
| 15 | OWNER= jnemeth@NetBSD.org | 15 | OWNER= jnemeth@NetBSD.org | |
| 16 | HOMEPAGE= http://www.asterisk.org/ | 16 | HOMEPAGE= http://www.asterisk.org/ | |
| 17 | COMMENT= The Asterisk Software PBX | 17 | COMMENT= The Asterisk Software PBX | |
| 18 | LICENSE= gnu-gpl-v2 | 18 | LICENSE= gnu-gpl-v2 | |
| 19 | 19 |
| @@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
| 1 | @comment $NetBSD: PLIST,v 1.4 2011/06/09 09:17:27 jnemeth Exp $ | 1 | @comment $NetBSD: PLIST,v 1.5 2011/07/05 08:42:56 jnemeth Exp $ | |
| 2 | include/asterisk.h | 2 | include/asterisk.h | |
| 3 | include/asterisk/_private.h | 3 | include/asterisk/_private.h | |
| 4 | include/asterisk/abstract_jb.h | 4 | include/asterisk/abstract_jb.h | |
| 5 | include/asterisk/acl.h | 5 | include/asterisk/acl.h | |
| 6 | include/asterisk/adsi.h | 6 | include/asterisk/adsi.h | |
| 7 | include/asterisk/ael_structs.h | 7 | include/asterisk/ael_structs.h | |
| 8 | include/asterisk/agi.h | 8 | include/asterisk/agi.h | |
| 9 | include/asterisk/alaw.h | 9 | include/asterisk/alaw.h | |
| 10 | include/asterisk/aoc.h | 10 | include/asterisk/aoc.h | |
| 11 | include/asterisk/app.h | 11 | include/asterisk/app.h | |
| 12 | include/asterisk/ast_expr.h | 12 | include/asterisk/ast_expr.h | |
| 13 | include/asterisk/ast_version.h | 13 | include/asterisk/ast_version.h | |
| 14 | include/asterisk/astdb.h | 14 | include/asterisk/astdb.h | |
| @@ -2227,16 +2227,19 @@ share/examples/asterisk/sip_notify.conf | @@ -2227,16 +2227,19 @@ share/examples/asterisk/sip_notify.conf | |||
| 2227 | share/examples/asterisk/skinny.conf | 2227 | share/examples/asterisk/skinny.conf | |
| 2228 | share/examples/asterisk/sla.conf | 2228 | share/examples/asterisk/sla.conf | |
| 2229 | share/examples/asterisk/smdi.conf | 2229 | share/examples/asterisk/smdi.conf | |
| 2230 | share/examples/asterisk/telcordia-1.adsi | 2230 | share/examples/asterisk/telcordia-1.adsi | |
| 2231 | share/examples/asterisk/udptl.conf | 2231 | share/examples/asterisk/udptl.conf | |
| 2232 | share/examples/asterisk/unistim.conf | 2232 | share/examples/asterisk/unistim.conf | |
| 2233 | share/examples/asterisk/usbradio.conf | 2233 | share/examples/asterisk/usbradio.conf | |
| 2234 | share/examples/asterisk/users.conf | 2234 | share/examples/asterisk/users.conf | |
| 2235 | share/examples/asterisk/voicemail.conf | 2235 | share/examples/asterisk/voicemail.conf | |
| 2236 | share/examples/asterisk/vpb.conf | 2236 | share/examples/asterisk/vpb.conf | |
| 2237 | share/examples/rc.d/asterisk | 2237 | share/examples/rc.d/asterisk | |
| 2238 | ${PLIST.webvmail}share/httpd/htdocs/_asterisk/animlogo.gif | 2238 | ${PLIST.webvmail}share/httpd/htdocs/_asterisk/animlogo.gif | |
| 2239 | ${PLIST.webvmail}share/httpd/htdocs/_asterisk/play.gif | 2239 | ${PLIST.webvmail}share/httpd/htdocs/_asterisk/play.gif | |
| 2240 | @pkgdir libdata/asterisk/sounds/fr | |||
| 2241 | @pkgdir libdata/asterisk/sounds/es | |||
| 2242 | @pkgdir libdata/asterisk/sounds/en_AU | |||
| 2240 | @pkgdir libdata/asterisk/keys | 2243 | @pkgdir libdata/asterisk/keys | |
| 2241 | @pkgdir libdata/asterisk/firmware/iax | 2244 | @pkgdir libdata/asterisk/firmware/iax | |
| 2242 | @pkgdir libdata/asterisk/documentation/thirdparty | 2245 | @pkgdir libdata/asterisk/documentation/thirdparty |
| @@ -1,27 +1,27 @@ | @@ -1,27 +1,27 @@ | |||
| 1 | $NetBSD: distinfo,v 1.10 2011/06/09 09:17:27 jnemeth Exp $ | 1 | $NetBSD: distinfo,v 1.11 2011/07/05 08:42:56 jnemeth Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (asterisk-1.8.4.2/asterisk-1.8.4.2.tar.gz) = f5fc8c0c4343ec1d6831b1810602d223af8dc9c9 | 3 | SHA1 (asterisk-1.8.4.4/asterisk-1.8.4.4.tar.gz) = 07d3ae5744e2dd10c5d9564b503690f3f0b84d96 | |
| 4 | RMD160 (asterisk-1.8.4.2/asterisk-1.8.4.2.tar.gz) = 403829a2fcd5f63c2a99e141442cc98fd69f4deb | 4 | RMD160 (asterisk-1.8.4.4/asterisk-1.8.4.4.tar.gz) = c95cab1b24547f1abd229dcf323cc7ed0b0b36a0 | |
| 5 | Size (asterisk-1.8.4.2/asterisk-1.8.4.2.tar.gz) = 27012984 bytes | 5 | Size (asterisk-1.8.4.4/asterisk-1.8.4.4.tar.gz) = 27326189 bytes | |
| 6 | SHA1 (asterisk-1.8.4.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9 | 6 | SHA1 (asterisk-1.8.4.4/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9 | |
| 7 | RMD160 (asterisk-1.8.4.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6 | 7 | RMD160 (asterisk-1.8.4.4/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6 | |
| 8 | Size (asterisk-1.8.4.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes | 8 | Size (asterisk-1.8.4.4/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes | |
| 9 | SHA1 (asterisk-1.8.4.2/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8 | 9 | SHA1 (asterisk-1.8.4.4/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8 | |
| 10 | RMD160 (asterisk-1.8.4.2/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4 | 10 | RMD160 (asterisk-1.8.4.4/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4 | |
| 11 | Size (asterisk-1.8.4.2/extract-cfile.awk) = 667 bytes | 11 | Size (asterisk-1.8.4.4/extract-cfile.awk) = 667 bytes | |
| 12 | SHA1 (asterisk-1.8.4.2/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017 | 12 | SHA1 (asterisk-1.8.4.4/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017 | |
| 13 | RMD160 (asterisk-1.8.4.2/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926 | 13 | RMD160 (asterisk-1.8.4.4/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926 | |
| 14 | Size (asterisk-1.8.4.2/rfc3951.txt) = 373442 bytes | 14 | Size (asterisk-1.8.4.4/rfc3951.txt) = 373442 bytes | |
| 15 | SHA1 (patch-aa) = cb3a463c51abff717d960ad70f3c13beefe6d5f4 | 15 | SHA1 (patch-aa) = cb3a463c51abff717d960ad70f3c13beefe6d5f4 | |
| 16 | SHA1 (patch-af) = ebad62fcb31b600d30235cc5e93284c93b2c8af9 | 16 | SHA1 (patch-af) = ebad62fcb31b600d30235cc5e93284c93b2c8af9 | |
| 17 | SHA1 (patch-ag) = c71c61350cefbbe53eefa99245ca7712753f22d5 | 17 | SHA1 (patch-ag) = c71c61350cefbbe53eefa99245ca7712753f22d5 | |
| 18 | SHA1 (patch-ai) = e92edab5c1ff323478f41d0b0783102ed527fe39 | 18 | SHA1 (patch-ai) = e92edab5c1ff323478f41d0b0783102ed527fe39 | |
| 19 | SHA1 (patch-ak) = adee75b7716a8794de1b8cb054af7a5a8f0e5ffd | 19 | SHA1 (patch-ak) = adee75b7716a8794de1b8cb054af7a5a8f0e5ffd | |
| 20 | SHA1 (patch-al) = b2a1134786d7c3b118ee8c47892f91dd2a4c783a | 20 | SHA1 (patch-al) = b2a1134786d7c3b118ee8c47892f91dd2a4c783a | |
| 21 | SHA1 (patch-am) = 5f9cbf47ec1cb66758492a5ed1bf843006eae9b7 | 21 | SHA1 (patch-am) = 5f9cbf47ec1cb66758492a5ed1bf843006eae9b7 | |
| 22 | SHA1 (patch-an) = 93a5df66fd6459fb76e9191dc3bf37b9ee5483b5 | 22 | SHA1 (patch-an) = 93a5df66fd6459fb76e9191dc3bf37b9ee5483b5 | |
| 23 | SHA1 (patch-ao) = 0663a698469550b22bb97ee1b18980bc2bc67495 | 23 | SHA1 (patch-ao) = 0663a698469550b22bb97ee1b18980bc2bc67495 | |
| 24 | SHA1 (patch-ap) = ed22f6483191f429389c0d3198d30c63b96d4df6 | 24 | SHA1 (patch-ap) = ed22f6483191f429389c0d3198d30c63b96d4df6 | |
| 25 | SHA1 (patch-aq) = b5b448df41c3751dda6340006811cb35dd304d34 | 25 | SHA1 (patch-aq) = b5b448df41c3751dda6340006811cb35dd304d34 | |
| 26 | SHA1 (patch-ar) = da8e614e68e476ce32c66fed5ee9dcb8c5f9a060 | 26 | SHA1 (patch-ar) = da8e614e68e476ce32c66fed5ee9dcb8c5f9a060 | |
| 27 | SHA1 (patch-as) = b2e1aadf49f20506243ab40796f15aab12d95bad | 27 | SHA1 (patch-as) = b2e1aadf49f20506243ab40796f15aab12d95bad |