package/asterisk: security bump to version 16.25.2

Fixes the following security issues:

16.24.1:

CVE-2021-37706 / AST-2022-004: pjproject: integer underflow on STUN message

The header length on incoming STUN messages that contain an ERROR-CODE
attribute is not properly checked.  This can result in an integer underflow.
Note, this requires ICE or WebRTC support to be in use with a malicious
remote party.

https://seclists.org/fulldisclosure/2022/Mar/0

CVE-2022-23608 / AST-2022-005: pjproject: undefined behavior after freeing a
dialog set

When acting as a UAC, and when placing an outgoing call to a target that then
forks Asterisk may experience undefined behavior (crashes, hangs, etc…)
after a dialog set is prematurely freed.

https://seclists.org/fulldisclosure/2022/Mar/1

CVE-2022-21723 / AST-2022-006: pjproject: unconstrained malformed multipart
SIP message

If an incoming SIP message contains a malformed multi-part body an out of
bounds read access may occur, which can result in undefined behavior.  Note,
it’s currently uncertain if there is any externally exploitable vector
within Asterisk for this issue, but providing this as a security issue out
of caution.

https://seclists.org/fulldisclosure/2022/Mar/2

16.25.2:

CVE-2022-26498 / AST-2022-001: res_stir_shaken: resource exhaustion with
large files

When using STIR/SHAKEN, it’s possible to download files that are not
certificates. These files could be much larger than what you would expect to
download.

https://seclists.org/fulldisclosure/2022/Apr/17

CVE-2022-26499 / AST-2022-002: res_stir_shaken: SSRF vulnerability with
Identity header

When using STIR/SHAKEN, it’s possible to send arbitrary requests like GET to
interfaces such as localhost using the Identity header.

https://seclists.org/fulldisclosure/2022/Apr/18

CVE-2022-26651 / AST-2022-003: func_odbc: Possible SQL Injection

Some databases can use backslashes to escape certain characters, such as
backticks.  If input is provided to func_odbc which includes backslashes it
is possible for func_odbc to construct a broken SQL query and the SQL query
to fail.

https://seclists.org/fulldisclosure/2022/Apr/19

Update hash of sha1.c after a doxygen comment update:
37c29b6a28

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Peter Korsgaard 2022-04-16 00:26:15 +02:00
parent 9b9707d15e
commit 607162a09c
2 changed files with 3 additions and 3 deletions

View File

@ -1,5 +1,5 @@
# Locally computed
sha256 1ba86666072b903e24b5cfef3d6d607d0d090c0fd232429ed410496e8f93ac40 asterisk-16.21.1.tar.gz
sha256 0fb817943a276f5e540c2a9432e8841cd3393e7c1bd1250055c620902f6eafc8 asterisk-16.25.2.tar.gz
# sha1 from: http://downloads.asterisk.org/pub/telephony/sounds/releases
# sha256 locally computed
@ -10,6 +10,6 @@ sha256 449fb810d16502c3052fedf02f7e77b36206ac5a145f3dacf4177843a2fcb538 asteri
# License files, locally computed
sha256 82af40ed7f49c08685360811993d9396320842f021df828801d733e8fdc0312f COPYING
sha256 ac5571f00e558e3b7c9b3f13f421b874cc12cf4250c4f70094c71544cf486312 main/sha1.c
sha256 3ce4755b8da872a0de93ecdbbe2f940763cc95c9027bbf3c4a2e914fcd8bf4c6 main/sha1.c
sha256 6215e3ed73c3982a5c6701127d681ec0b9f1121ac78a28805bd93f93c3eb84c0 codecs/speex/speex_resampler.h
sha256 ea69cc96ab8a779c180a362377caeada71926897d1b55b980f04d74ba5aaa388 utils/db1-ast/include/db.h

View File

@ -4,7 +4,7 @@
#
################################################################################
ASTERISK_VERSION = 16.21.1
ASTERISK_VERSION = 16.25.2
# Use the github mirror: it's an official mirror maintained by Digium, and
# provides tarballs, which the main Asterisk git tree (behind Gerrit) does not.
ASTERISK_SITE = $(call github,asterisk,asterisk,$(ASTERISK_VERSION))