[Pkg-voip-commits] r9114 - in /asterisk/branches/lenny-security/debian: changelog patches/AST-2011-008 patches/series
tzafrir at alioth.debian.org
tzafrir at alioth.debian.org
Mon Jul 4 21:10:34 UTC 2011
Author: tzafrir
Date: Mon Jul 4 21:10:34 2011
New Revision: 9114
URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=9114
Log:
* Patch AST-2011-008 (CVE-2011-2529) - crash on a malformed SIP packet
(Closes: 631446).
* Do include patch for AST-2011-011 in patches series file.
Added:
asterisk/branches/lenny-security/debian/patches/AST-2011-008
Modified:
asterisk/branches/lenny-security/debian/changelog
asterisk/branches/lenny-security/debian/patches/series
Modified: asterisk/branches/lenny-security/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/lenny-security/debian/changelog?rev=9114&op=diff
==============================================================================
--- asterisk/branches/lenny-security/debian/changelog (original)
+++ asterisk/branches/lenny-security/debian/changelog Mon Jul 4 21:10:34 2011
@@ -1,11 +1,13 @@
asterisk (1:1.4.21.2~dfsg-3+lenny3) oldstable-security; urgency=high
+ * Patch AST-2011-008 (CVE-2011-2529) - crash on a malformed SIP packet
+ (Closes: 631446).
* AST-2011-010 (CVE-2011-2535): crash due to dereferencing a remote pointer
(closes: #631448)
* AST-2011-011 (CVE-2011-2536): Don't leak SIP username information
(closes: #632029)
- -- Tzafrir Cohen <tzafrir at debian.org> Fri, 01 Jul 2011 14:53:46 +0300
+ -- Tzafrir Cohen <tzafrir at debian.org> Tue, 05 Jul 2011 00:08:08 +0300
asterisk (1:1.4.21.2~dfsg-3+lenny2.1) oldstable-security; urgency=high
Added: asterisk/branches/lenny-security/debian/patches/AST-2011-008
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/lenny-security/debian/patches/AST-2011-008?rev=9114&op=file
==============================================================================
--- asterisk/branches/lenny-security/debian/patches/AST-2011-008 (added)
+++ asterisk/branches/lenny-security/debian/patches/AST-2011-008 Mon Jul 4 21:10:34 2011
@@ -1,0 +1,30 @@
+From: Kinsey Moore <kmoore at digium.com>
+Date: Thu, 23 Jun 2011 18:21:12 +0000
+Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=324643
+Subject: Addresses AST-2011-008, memory corruption and remote crash in SIP driver.
+
+If a remote user sends a SIP packet containing a null, Asterisk assumes
+available data extends past the null to the end of the packet when the
+buffer is actually truncated when copied. This causes SIP header parsing
+to modify data past the end of the buffer altering unrelated memory
+structures. This vulnerability does not affect TCP/TLS connections.
+
+CVE: CVE-2011-2529
+See also http://downloads.asterisk.org/pub/security/AST-2011-008.html
+
+---
+ channels/chan_sip.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+--- a/channels/chan_sip.c
++++ b/channels/chan_sip.c
+@@ -15907,7 +15907,8 @@ static int sipsock_read(int *id, int fd,
+ ast_log(LOG_DEBUG, "Received packet exceeds buffer. Data is possibly lost\n");
+
+ req.data[res] = '\0';
+- req.len = res;
++ /* req.data will have the correct length in case of nulls */
++ req.len = ast_str_strlen(req.data);
+ if(sip_debug_test_addr(&sin)) /* Set the debug flag early on packet level */
+ ast_set_flag(&req, SIP_PKT_DEBUG);
+ if (pedanticsipchecking)
Modified: asterisk/branches/lenny-security/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/lenny-security/debian/patches/series?rev=9114&op=diff
==============================================================================
--- asterisk/branches/lenny-security/debian/patches/series (original)
+++ asterisk/branches/lenny-security/debian/patches/series Mon Jul 4 21:10:34 2011
@@ -107,4 +107,6 @@
manager_bugfix_reload
AST-2011-005
AST-2011-005-p2
+AST-2011-008
AST-2011-010
+AST-2011-011
More information about the Pkg-voip-commits
mailing list