[Pkg-voip-commits] r7731 - in /asterisk/trunk/debian: changelog patches/AST-2009-007 patches/series

paravoid at alioth.debian.org
Thu Oct 29 19:08:50 UTC 2009


Author: paravoid
Date: Thu Oct 29 19:08:49 2009
New Revision: 7731

URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=7731
Log:
Security fix: "ACL check not present for verifying SIP INVITEs",
AST-2009-007. (Closes: #552756)

Added:
    asterisk/trunk/debian/patches/AST-2009-007
Modified:
    asterisk/trunk/debian/changelog
    asterisk/trunk/debian/patches/series

Modified: asterisk/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/trunk/debian/changelog?rev=7731&op=diff
==============================================================================
--- asterisk/trunk/debian/changelog (original)
+++ asterisk/trunk/debian/changelog Thu Oct 29 19:08:49 2009
@@ -4,13 +4,15 @@
   * Really ship MoH sounds, as mentioned in the rc1 upload.
   * Move dahdi to Should-Start instead of Required-Start in the init script.
     (Closes: #552604)
+  * Security fix: "ACL check not present for verifying SIP INVITEs",
+    AST-2009-007. (Closes: #552756)
 
   [ Tzafrir Cohen ]
   * Add a sample startup init script. Not installed.
   * Add mysql and postgresql to Should-Start/Stop: Asterisk may use them
     in real-time mode.
 
- -- Tzafrir Cohen <tzafrir.cohen at xorcom.com>  Thu, 29 Oct 2009 09:08:12 +0200
+ -- Faidon Liambotis <paravoid at debian.org>  Thu, 29 Oct 2009 21:07:02 +0200
 
 asterisk (1:1.6.2.0~rc3-1) unstable; urgency=low
 
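Review bot: the new changelog line names the advisory (AST-2009-007) and the bug (#552756) but no CVE identifier; if one has been assigned for this advisory, add it to the same line so the security tracker can match the upload to the issue. The header of this entry, including its urgency field, sits above the hunk's context, so it is worth checking separately that a security fix goes out with urgency=high rather than the urgency=low of the previous entry visible below.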

Added: asterisk/trunk/debian/patches/AST-2009-007
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/trunk/debian/patches/AST-2009-007?rev=7731&op=file
==============================================================================
--- asterisk/trunk/debian/patches/AST-2009-007 (added)
+++ asterisk/trunk/debian/patches/AST-2009-007 Thu Oct 29 19:08:49 2009
@@ -1,0 +1,20 @@
+ACL check not present for verifying SIP INVITEs 
+Fixes vulnerability AST-2009-007.
+
+Upstream revision: r225914
+		  
+--- a/channels/chan_sip.c
++++ b/channels/chan_sip.c
+@@ -13523,7 +13523,11 @@ static enum check_auth_result check_peer
+ 				of, ast_inet_ntoa(p->recv.sin_addr), ntohs(p->recv.sin_port));
+ 		return AUTH_DONT_KNOW;
+ 	}
+-
++	if (!ast_apply_ha(peer->ha, sin)) {
++		ast_debug(2, "Found peer '%s' for '%s', but fails host access\n", peer->name, of);
++		unref_peer(peer, "unref_peer: check_peer_ok: from find_peer call, early return of AUTH_ACL_FAILED");
++		return AUTH_ACL_FAILED;
++	}
+ 	if (debug)
+ 		ast_verbose("Found peer '%s' for '%s' from %s:%d\n",
+ 			peer->name, of, ast_inet_ntoa(p->recv.sin_addr), ntohs(p->recv.sin_port));
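Review bot: the added `if (!ast_apply_ha(peer->ha, sin))` block uses `sin`, which is not defined anywhere inside the hunk; it must be the source-address parameter of `check_peer_ok` (the signature is truncated in the `@@` header), and it should refer to the same host as the `p->recv.sin_addr` printed by the surrounding log lines, otherwise the ACL decision and the message disagree about which address was rejected. The early return correctly releases the reference taken by `find_peer` via `unref_peer(...)` before returning `AUTH_ACL_FAILED`, mirroring the `AUTH_DONT_KNOW` path just above it. Two smaller points: a rejection is only reported with `ast_debug(2, ...)`, so operators who want ACL-rejected INVITEs to show up in their logs need chan_sip debug level 2 or higher; and the patch header carries trailing whitespace on the title line and on the blank line after `Upstream revision: r225914`, which should be trimmed.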

Modified: asterisk/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/trunk/debian/patches/series?rev=7731&op=diff
==============================================================================
--- asterisk/trunk/debian/patches/series (original)
+++ asterisk/trunk/debian/patches/series Thu Oct 29 19:08:49 2009
@@ -17,3 +17,4 @@
 dahdi-fxsks-hookstate
 dahdi_ptmp_nt
 dahdi_pri_debug_spannums
+AST-2009-007