[Bug 501116] Re: chan_iax2 crashes on nonexistent fr->callno (patch available)
Launchpad Bug Tracker
501116 at bugs.launchpad.net
Wed Dec 30 14:15:09 GMT 2009
This bug was fixed in the package asterisk - 1:1.6.2.0~rc2-0ubuntu2
---------------
asterisk (1:1.6.2.0~rc2-0ubuntu2) lucid; urgency=low
[ Dave Walker (Daviey) ]
* SECURITY UPDATE: ACL not respected on SIP INVITE (LP: #491632).
- debian/patches/AST-2009-007: Additional check in channels/chan_sip.c to
check ACL for handling SIP INVITEs. This blocks calls on networks
intended to be prohibited, by configuration. Based on upstream patch.
- AST-2009-007
- CVE-2009-3723
* SECURITY UPDATE: SIP responses expose valid usernames (LP: #491637).
- debian/patches/AST-2009-008: Sanitise certain return of REGISTER message
to stop a specially crafted series of requests returning valid usernames.
Based on upstream patch.
- AST-2009-008
- CVE-2009-3727
* SECURITY UPDATE: RTP Remote Crash Vulnerability (LP: #493555).
- debian/patches/AST-2009-010: Stops Asterisk from crashing when an RTP
comfort noise payload containing 24 bytes or greater is recieved.
- AST-2009-010
- CVE-2009-4055
[ Roberto D'Auria ]
* debian/patches/iax2-heavy-traffic-fix: Stops asterisk crashing on
heavy traffic on iax2 channel, editing channels/chan_iax2.c.
Based on upstream patch. (LP: #501116)
-- Roberto D'Auria <everlastingfire at autistici.org> Wed, 30 Dec 2009 14:49:24 +0100
** Changed in: asterisk (Ubuntu)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3723
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3727
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-4055
--
chan_iax2 crashes on nonexistent fr->callno (patch available)
https://bugs.launchpad.net/bugs/501116
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list