Asterisk 1.2.16 fixes a recently discovered security vulnerability

Bug #89863 reported by magilus
| Affects | Status | Importance | Assigned to | Milestone |
| asterisk (Ubuntu) | Fix Released | Undecided | Kees Cook | |
| Dapper | Fix Released | Undecided | Kees Cook | |
| Edgy | Fix Released | Undecided | magilus | |
| Feisty | Fix Released | Undecided | Kees Cook | |

Bug Description

Binary package hint: asterisk

Asterisk 1.2.16 fixes a recently discovered security vulnerability. See http://asterisk.org/node/48319

Changed in asterisk:
status: Unconfirmed → Confirmed
magilus (magilus) wrote :

Patch available here: http://svn.digium.com/view/asterisk/branches/1.2/channels/chan_sip.c?r1=56230&r2=57475

I will take care of the Edgy release today.

For Feisty, I'd suggest taking 1.2.16 from Debian, but that a) needs a UVF exception and b) we have to apply the Ubuntu changes again.

magilus (magilus)
Changed in asterisk:
assignee: nobody → pirast
status: Unconfirmed → Confirmed
magilus (magilus)
Changed in asterisk:
status: Confirmed → In Progress
magilus (magilus) wrote :

Attached is a debdiff for Edgy. I can confirm that it compiles and that it fixes the issue.

Martin, Kees: Would be nice if you could upload it.

Kees Cook (kees) wrote :

Thanks for hunting down the changes. I'll get this built shortly...

Changed in asterisk:
assignee: nobody → keescook
status: Confirmed → In Progress
assignee: nobody → keescook
status: Unconfirmed → In Progress
status: In Progress → Fix Committed
magilus (magilus)
Changed in asterisk:
assignee: keescook → pirast
Kees Cook (kees)
Changed in asterisk:
status: In Progress → Fix Committed
magilus (magilus)
Changed in asterisk:
status: Fix Committed → Fix Released
Kees Cook (kees)
Changed in asterisk:
status: Fix Committed → Fix Released
Kees Cook (kees) wrote :

Just to cover until the asterisk sync is created/goes through, I've patched the current Feisty version with the upstream fix.

Changed in asterisk:
assignee: pirast → keescook
status: In Progress → Fix Released
magilus (magilus) wrote :

Okay, great. I had to get a UVF exception for Zaptel first, which is going to get synced soon.

Afterwards, I will take care of Feisty's asterisk.

magilus (magilus) wrote :

Asterisk 1.2.16 is now in the archives.

This report contains Public Security information  
Everyone can see this security related information.
