[Pkg-voip-commits] r7731 - in /asterisk/trunk/debian: changelog patches/AST-2009-007 patches/series
paravoid at alioth.debian.org
Thu Oct 29 19:08:50 UTC 2009
Author: paravoid
Date: Thu Oct 29 19:08:49 2009
New Revision: 7731
URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=7731
Log:
Security fix: "ACL check not present for verifying SIP INVITEs",
AST-2009-007. (Closes: #552756)
Added:
asterisk/trunk/debian/patches/AST-2009-007
Modified:
asterisk/trunk/debian/changelog
asterisk/trunk/debian/patches/series
Modified: asterisk/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/trunk/debian/changelog?rev=7731&op=diff
==============================================================================
--- asterisk/trunk/debian/changelog (original)
+++ asterisk/trunk/debian/changelog Thu Oct 29 19:08:49 2009
@@ -4,13 +4,15 @@
* Really ship MoH sounds, as mentioned in the rc1 upload.
* Move dahdi to Should-Start instead of Required-Start in the init script.
(Closes: #552604)
+ * Security fix: "ACL check not present for verifying SIP INVITEs",
+ AST-2009-007. (Closes: #552756)
[ Tzafrir Cohen ]
* Add a sample startup init script. Not installed.
* Add mysql and postgresql to Should-Start/Stop: Asterisk may use them
in real-time mode.
- -- Tzafrir Cohen <tzafrir.cohen at xorcom.com> Thu, 29 Oct 2009 09:08:12 +0200
+ -- Faidon Liambotis <paravoid at debian.org> Thu, 29 Oct 2009 21:07:02 +0200
asterisk (1:1.6.2.0~rc3-1) unstable; urgency=low
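Review bot: The new entry at the top of this hunk identifies the fix only by the Asterisk advisory id and the Debian bug number; if a CVE id has been assigned, add it to the same entry so the upload can be matched by that id as well. The stanza header for this version is outside the hunk, and the previous upload shown in the last context line used urgency=low, so check that the urgency of an upload carrying a security fix has been raised accordingly.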
Added: asterisk/trunk/debian/patches/AST-2009-007
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/trunk/debian/patches/AST-2009-007?rev=7731&op=file
==============================================================================
--- asterisk/trunk/debian/patches/AST-2009-007 (added)
+++ asterisk/trunk/debian/patches/AST-2009-007 Thu Oct 29 19:08:49 2009
@@ -1,0 +1,20 @@
+ACL check not present for verifying SIP INVITEs
+Fixes vulnerability AST-2009-007.
+
+Upstream revision: r225914
+
+--- a/channels/chan_sip.c
++++ b/channels/chan_sip.c
+@@ -13523,7 +13523,11 @@ static enum check_auth_result check_peer
+ of, ast_inet_ntoa(p->recv.sin_addr), ntohs(p->recv.sin_port));
+ return AUTH_DONT_KNOW;
+ }
+-
++ if (!ast_apply_ha(peer->ha, sin)) {
++ ast_debug(2, "Found peer '%s' for '%s', but fails host access\n", peer->name, of);
++ unref_peer(peer, "unref_peer: check_peer_ok: from find_peer call, early return of AUTH_ACL_FAILED");
++ return AUTH_ACL_FAILED;
++ }
+ if (debug)
+ ast_verbose("Found peer '%s' for '%s' from %s:%d\n",
+ peer->name, of, ast_inet_ntoa(p->recv.sin_addr), ntohs(p->recv.sin_port));
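Review bot: In the added `if (!ast_apply_ha(peer->ha, sin))` branch, the rejection is reported only through ast_debug at level 2 and the message omits the source address, so an INVITE refused by the peer's ACL leaves no trace at normal log levels and, with debug enabled, no indication of where it came from. Consider adding the address and port to the message, as the ast_verbose call just below does with ast_inet_ntoa(p->recv.sin_addr) and ntohs(p->recv.sin_port), and logging at a level operators see by default unless the caller already reports AUTH_ACL_FAILED. Please also confirm that sin and p->recv refer to the same source address at this point, since the check uses one and the surrounding messages print the other. In the patch header, a link or origin reference for upstream r225914 would make the fix easier to trace.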
Modified: asterisk/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/trunk/debian/patches/series?rev=7731&op=diff
==============================================================================
--- asterisk/trunk/debian/patches/series (original)
+++ asterisk/trunk/debian/patches/series Thu Oct 29 19:08:49 2009
@@ -17,3 +17,4 @@
dahdi-fxsks-hookstate
dahdi_ptmp_nt
dahdi_pri_debug_spannums
+AST-2009-007