Univention Bugzilla – Bug 48007
asterisk: Multiple issues (4.3)
Last modified: 2018-10-17 14:57:26 CEST
New Debian asterisk 1:13.14.1~dfsg-2+deb9u4 fixes:

This update addresses the following issues:

* A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash. (CVE-2018-7284)

* An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection. (CVE-2018-7286)

* An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints. (CVE-2018-12227)

* There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. (CVE-2018-17281)
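The CVE-2018-7284 entry above describes a fixed table of 32 Accept entries filled without checking how many headers arrived. The following C is an added illustration of that defect class and its bound check; it is not Asterisk's or res_pjsip_pubsub's code, and the header format, table layout and function names are constructed for the example.

```c
#include <stdio.h>
#include <strings.h>

#define MAX_ACCEPT 32   /* the fixed table size named in the advisory */
#define MAX_VALUE  64   /* constructed cap on one stored header value */

struct accept_table {
    int count;
    char values[MAX_ACCEPT][MAX_VALUE];
};

/* Copies the value of every "Accept:" header into tbl. Returns 0 when all
 * fit and -1 as soon as a 33rd one appears: the count check is the bound the
 * unpatched module lacked, so the caller can reject the SUBSCRIBE instead of
 * the loop writing past values[]. */
static int collect_accept(const char *const *headers, int nheaders,
                          struct accept_table *tbl)
{
    tbl->count = 0;
    for (int i = 0; i < nheaders; i++) {
        if (strncasecmp(headers[i], "Accept:", 7) != 0)
            continue;                 /* not an Accept header */
        if (tbl->count >= MAX_ACCEPT)
            return -1;                /* table full: stop, do not overflow */
        const char *v = headers[i] + 7;
        while (*v == ' ') v++;        /* skip leading whitespace */
        snprintf(tbl->values[tbl->count], MAX_VALUE, "%s", v);
        tbl->count++;
    }
    return 0;
}

/* Constructed SUBSCRIBE header list: one unrelated header plus n Accept
 * headers. Returns how many were stored, or -1 when collect_accept() refused. */
static int run_with_accept_headers(int n)
{
    static char lines[2 * MAX_ACCEPT][MAX_VALUE];
    const char *ptrs[2 * MAX_ACCEPT + 1];
    struct accept_table tbl;
    int used = 0;
    if (n < 0 || n > 2 * MAX_ACCEPT)
        return -1;
    ptrs[used++] = "Event: presence";
    for (int i = 0; i < n; i++) {
        snprintf(lines[i], MAX_VALUE, "Accept: application/pidf+xml;q=0.%d", i);
        ptrs[used++] = lines[i];
    }
    return collect_accept(ptrs, used, &tbl) == 0 ? tbl.count : -1;
}
```

Calling run_with_accept_headers(32) stores all 32 values, while run_with_accept_headers(33) is refused before the 33rd write.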
--- mirror/ftp/4.3/unmaintained/4.3-0/source/asterisk_13.14.1~dfsg-2+deb9u3.dsc +++ apt/ucs_4.3-0-errata4.3-2/source/asterisk_13.14.1~dfsg-2+deb9u4.dsc @@ -1,3 +1,14 @@ +1:13.14.1~dfsg-2+deb9u4 [Sun, 30 Sep 2018 23:24:10 +0200] Bernhard Schmidt <berni@debian.org>: + + * AST-2018-004 / CVE-2018-7284: Crash when receiving SUBSCRIBE request + (Closes: #891227) + * AST-2018-005 / CVE-2018-7286: Crash when large numbers of TCP connections + are closed suddenly (Closes: #891228) + * AST-2018-008 / CVE-2018-12227: PJSIP endpoint presence disclosure when + using ACL (Closes: #902954) + * AST-2018-009 / CVE-2018-17281: Remote crash vulnerability in HTTP + websocket upgrade (Closes: #909554) + 1:13.14.1~dfsg-2+deb9u3 [Fri, 29 Dec 2017 16:27:08 +0200] Tzafrir Cohen <tzafrir@debian.org>: [ Tzafrir Cohen ] <http://10.200.17.11/4.3-2/#6741352584252704116>
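Review bot: the header compares the two .dsc files, but the hunk body is the new debian/changelog stanza (1:13.14.1~dfsg-2+deb9u4 with the four AST-2018-00x entries), so the file named in the header is not the one the added lines belong to; regenerating the diff against debian/changelog, or labelling it as a changelog extract, would make the record self-consistent. The four entries do match the four CVEs in the description, and the hunk count (11 added lines, 3 context) agrees with @@ -1,3 +1,14 @@.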
Add libresample.yaml from unmaintained 4.0-0
<http://10.200.17.11/4.3-2/#6726727707013117803>
OK: yaml
OK: announce_errata
OK: patch
~FAIL: piuparts

Similar to Bug #47889 comment 2: libresample is currently unmaintained in UCS-4.3 and the current version of asterisk in UCS-4.3 cannot be installed because of it. As such piuparts cannot test the upgrade path and failed.

[4.3-2] 84f693a923 Bug #48007: asterisk 1:13.14.1~dfsg-2+deb9u4
 doc/errata/staging/asterisk.yaml | 37 ++++++++++++++-----------------------
 1 file changed, 14 insertions(+), 23 deletions(-)

[4.3-2] e8b6a301a7 Bug #48007: asterisk 1:13.14.1~dfsg-2+deb9u4
 doc/errata/staging/asterisk.yaml | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
<http://errata.software-univention.de/ucs/4.3/275.html> <http://errata.software-univention.de/ucs/4.3/278.html>