Update to Asterisk 10.0.1. This fixes AST-2012-001:

Asterisk Project Security Advisory - AST-2012-001

+------------------------------------------------------------------------+
| Product              | Asterisk                                        |
|----------------------+-------------------------------------------------|
| Summary              | SRTP Video Remote Crash Vulnerability           |
|----------------------+-------------------------------------------------|
| Nature of Advisory   | Denial of Service                               |
|----------------------+-------------------------------------------------|
| Susceptibility       | Remote unauthenticated sessions                 |
|----------------------+-------------------------------------------------|
| Severity             | Moderate                                        |
|----------------------+-------------------------------------------------|
| Exploits Known       | No                                              |
|----------------------+-------------------------------------------------|
| Reported On          | 2012-01-15                                      |
|----------------------+-------------------------------------------------|
| Reported By          | Catalin Sanda                                   |
|----------------------+-------------------------------------------------|
| Posted On            | 2012-01-19                                      |
|----------------------+-------------------------------------------------|
| Last Updated On      | January 19, 2012                                |
|----------------------+-------------------------------------------------|
| Advisory Contact     | Joshua Colp < jcolp AT digium DOT com >         |
|----------------------+-------------------------------------------------|
| CVE Name             |                                                 |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Description | An attacker attempting to negotiate a secure video       |
|             | stream can crash Asterisk if video support has not been  |
|             | enabled and the res_srtp Asterisk module is loaded.      |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Resolution | Upgrade to one of the versions of Asterisk listed in the  |
|            | "Corrected In" section, or apply a patch specified in the |
|            | "Patches" section.                                        |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Affected Versions                                                      |
|------------------------------------------------------------------------|
| Product                       | Release Series |                       |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source          | 1.8.x          | All versions          |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source          | 10.x           | All versions          |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Corrected In                                                           |
|------------------------------------------------------------------------|
| Product                                  | Release                     |
|------------------------------------------+-----------------------------|
| Asterisk Open Source                     | 1.8.8.2                     |
|------------------------------------------+-----------------------------|
| Asterisk Open Source                     | 10.0.1                      |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Patches                                                                |
|------------------------------------------------------------------------|
| SVN URL                                                         |Branch|
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff |v1.8  |
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff  |v10   |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Links   | https://issues.asterisk.org/jira/browse/ASTERISK-19202       |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at                     |
| http://www.asterisk.org/security                                       |
|                                                                        |
| This document may be superseded by later versions; if so, the latest   |
| version will be posted at                                              |
| http://downloads.digium.com/pub/security/AST-2012-001.pdf and          |
| http://downloads.digium.com/pub/security/AST-2012-001.html             |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Revision History                                                       |
|------------------------------------------------------------------------|
| Date            | Editor             | Revisions Made                  |
|-----------------+--------------------+---------------------------------|
| 12-01-19        | Joshua Colp        | Initial release                 |
+------------------------------------------------------------------------+

Asterisk Project Security Advisory - AST-2012-001
Copyright (c) 2012 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.

diff -r1.2 -r1.3 pkgsrc/comms/asterisk10/Makefile
(jnemeth)
@@ -1,20 +1,19 @@ | @@ -1,20 +1,19 @@ | |||
1 | # $NetBSD: Makefile,v 1.2 2012/01/17 07:07:33 jnemeth Exp $ | 1 | # $NetBSD: Makefile,v 1.3 2012/01/20 07:29:08 jnemeth Exp $ | |
2 | # | 2 | # | |
3 | # NOTE: when updating this package, there are two places that sound | 3 | # NOTE: when updating this package, there are two places that sound | |
4 | # tarballs need to be checked | 4 | # tarballs need to be checked | |
5 | 5 | |||
6 | DISTNAME= asterisk-10.0.0 | 6 | DISTNAME= asterisk-10.0.1 | |
7 | PKGREVISION= 1 | |||
8 | DIST_SUBDIR= ${PKGNAME_NOREV} | 7 | DIST_SUBDIR= ${PKGNAME_NOREV} | |
9 | DISTFILES= ${DEFAULT_DISTFILES} | 8 | DISTFILES= ${DEFAULT_DISTFILES} | |
10 | EXTRACT_ONLY= ${DISTNAME}.tar.gz | 9 | EXTRACT_ONLY= ${DISTNAME}.tar.gz | |
11 | CATEGORIES= comms net audio | 10 | CATEGORIES= comms net audio | |
12 | MASTER_SITES= http://downloads.asterisk.org/pub/telephony/asterisk/ \ | 11 | MASTER_SITES= http://downloads.asterisk.org/pub/telephony/asterisk/ \ | |
13 | http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \ | 12 | http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \ | |
14 | http://downloads.asterisk.org/pub/telephony/sounds/releases/ | 13 | http://downloads.asterisk.org/pub/telephony/sounds/releases/ | |
15 | 14 | |||
16 | OWNER= jnemeth@NetBSD.org | 15 | OWNER= jnemeth@NetBSD.org | |
17 | HOMEPAGE= http://www.asterisk.org/ | 16 | HOMEPAGE= http://www.asterisk.org/ | |
18 | COMMENT= The Asterisk Software PBX | 17 | COMMENT= The Asterisk Software PBX | |
19 | LICENSE= gnu-gpl-v2 | 18 | LICENSE= gnu-gpl-v2 | |
20 | 19 |
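Review bot: The NOTE at lines 3-4 says the sound tarballs must be checked in two places on every update, but nothing in this hunk records the outcome of that check; state in the commit message that the sound tarball versions were confirmed unchanged for 10.0.1. Dropping PKGREVISION together with the DISTNAME bump is correct. MASTER_SITES still fetches over plain http://, which leaves the distinfo checksums as the only integrity check on this security-fix tarball.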
@@ -1,27 +1,27 @@ | @@ -1,27 +1,27 @@ | |||
1 | $NetBSD: distinfo,v 1.1.1.1 2012/01/15 18:36:20 jnemeth Exp $ | 1 | $NetBSD: distinfo,v 1.2 2012/01/20 07:29:09 jnemeth Exp $ | |
2 | 2 | |||
3 | SHA1 (asterisk-10.0.0/asterisk-10.0.0.tar.gz) = ffe8c67ce7b34ea5ad098bb06ed8e55e08a291ab | 3 | SHA1 (asterisk-10.0.1/asterisk-10.0.1.tar.gz) = 7a700c3c5b9af28f433f20d4267d5fc71ca32341 | |
4 | RMD160 (asterisk-10.0.0/asterisk-10.0.0.tar.gz) = 9f9e4a9a9e5785ffd846f26c331b62dcceafd5bb | 4 | RMD160 (asterisk-10.0.1/asterisk-10.0.1.tar.gz) = 289731127e45351047f565acd0f6372cb48cb7d1 | |
5 | Size (asterisk-10.0.0/asterisk-10.0.0.tar.gz) = 24873318 bytes | 5 | Size (asterisk-10.0.1/asterisk-10.0.1.tar.gz) = 24866828 bytes | |
6 | SHA1 (asterisk-10.0.0/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9 | 6 | SHA1 (asterisk-10.0.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9 | |
7 | RMD160 (asterisk-10.0.0/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6 | 7 | RMD160 (asterisk-10.0.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6 | |
8 | Size (asterisk-10.0.0/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes | 8 | Size (asterisk-10.0.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes | |
9 | SHA1 (asterisk-10.0.0/extract-cfile.txt) = b22874814c83a53bcd1a8d96b5911304f304971e | 9 | SHA1 (asterisk-10.0.1/extract-cfile.txt) = b22874814c83a53bcd1a8d96b5911304f304971e | |
10 | RMD160 (asterisk-10.0.0/extract-cfile.txt) = e7205fe7e95793f3ca6e384edeef1ad5713485e0 | 10 | RMD160 (asterisk-10.0.1/extract-cfile.txt) = e7205fe7e95793f3ca6e384edeef1ad5713485e0 | |
11 | Size (asterisk-10.0.0/extract-cfile.txt) = 643 bytes | 11 | Size (asterisk-10.0.1/extract-cfile.txt) = 643 bytes | |
12 | SHA1 (asterisk-10.0.0/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017 | 12 | SHA1 (asterisk-10.0.1/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017 | |
13 | RMD160 (asterisk-10.0.0/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926 | 13 | RMD160 (asterisk-10.0.1/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926 | |
14 | Size (asterisk-10.0.0/rfc3951.txt) = 373442 bytes | 14 | Size (asterisk-10.0.1/rfc3951.txt) = 373442 bytes | |
15 | SHA1 (patch-Makefile) = 900252eff84bda22d2cbe09e0f22505531284cbb | 15 | SHA1 (patch-Makefile) = 900252eff84bda22d2cbe09e0f22505531284cbb | |
16 | SHA1 (patch-apps_app__dial.c) = 2109ed50406dedc90a300981a3a7500b1397ff3a | 16 | SHA1 (patch-apps_app__dial.c) = 2109ed50406dedc90a300981a3a7500b1397ff3a | |
17 | SHA1 (patch-apps_app__followme.c) = a0a507986ec9722337d46fdaaac0a79d23a634e4 | 17 | SHA1 (patch-apps_app__followme.c) = a0a507986ec9722337d46fdaaac0a79d23a634e4 | |
18 | SHA1 (patch-apps_app__queue.c) = e035995563eb5533d5261568fdb43e8adcf2fe35 | 18 | SHA1 (patch-apps_app__queue.c) = e035995563eb5533d5261568fdb43e8adcf2fe35 | |
19 | SHA1 (patch-apps_app__sms.c) = 8013727b495dc0ac038eb28b84e9d3839d0bc23d | 19 | SHA1 (patch-apps_app__sms.c) = 8013727b495dc0ac038eb28b84e9d3839d0bc23d | |
20 | SHA1 (patch-build__tools_mkpkgconfig) = 2bd3c0e24bc6d721cc234feb19b64a57106fcbe4 | 20 | SHA1 (patch-build__tools_mkpkgconfig) = 2bd3c0e24bc6d721cc234feb19b64a57106fcbe4 | |
21 | SHA1 (patch-channels_chan__oss.c) = 78095d744a44b2e173de036f45a3b3d652cba311 | 21 | SHA1 (patch-channels_chan__oss.c) = 78095d744a44b2e173de036f45a3b3d652cba311 | |
22 | SHA1 (patch-codecs_lpc10_Makefile) = 0c9955e87eb453d70517951114d335d91b3ee73a | 22 | SHA1 (patch-codecs_lpc10_Makefile) = 0c9955e87eb453d70517951114d335d91b3ee73a | |
23 | SHA1 (patch-configure) = e1c6507a9ba2758c565043596d0314eabce2ef7d | 23 | SHA1 (patch-configure) = e1c6507a9ba2758c565043596d0314eabce2ef7d | |
24 | SHA1 (patch-configure.ac) = 27ac6fd657c490689ec06cddf7cd10e9cc8a7927 | 24 | SHA1 (patch-configure.ac) = 27ac6fd657c490689ec06cddf7cd10e9cc8a7927 | |
25 | SHA1 (patch-contrib_scripts_autosupport) = 3426d7c2c8fc6342ffecde57ce9530c233a51409 | 25 | SHA1 (patch-contrib_scripts_autosupport) = 3426d7c2c8fc6342ffecde57ce9530c233a51409 | |
26 | SHA1 (patch-contrib_scripts_vmail.cgi) = 650b9bbf3e322d1ad351932cfe6f747baa8f35e4 | 26 | SHA1 (patch-contrib_scripts_vmail.cgi) = 650b9bbf3e322d1ad351932cfe6f747baa8f35e4 | |
27 | SHA1 (patch-include_asterisk_autoconfig.h.in) = 7d6e3443ce3f0741c72a5f2178895598e79e83c9 | 27 | SHA1 (patch-include_asterisk_autoconfig.h.in) = 7d6e3443ce3f0741c72a5f2178895598e79e83c9 |
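Review bot: For the asterisk-10.0.1.tar.gz entries at lines 3-5, the new SHA1, RMD160 and Size are the only thing authenticating a distfile that the Makefile fetches over http, so confirm them against a checksum or signature published by upstream and not only against the downloaded copy. Every patch-* SHA1 from line 15 onward is unchanged, so verify that each local patch still applies to 10.0.1 without fuzz or offsets. The remaining distfile entries change only their DIST_SUBDIR prefix and keep identical hashes, which is what a version-only bump should produce.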