kumquat-buildroot/package/asterisk
Peter Korsgaard 607162a09c package/asterisk: security bump to version 16.25.2
Fixes the following security issues:

16.24.1:

CVE-2021-37706 / AST-2022-004: pjproject: integer underflow on STUN message

The header length on incoming STUN messages that contain an ERROR-CODE
attribute is not properly checked.  This can result in an integer underflow.
Note, this requires ICE or WebRTC support to be in use with a malicious
remote party.

https://seclists.org/fulldisclosure/2022/Mar/0

CVE-2022-23608 / AST-2022-005: pjproject: undefined behavior after freeing a
dialog set

When acting as a UAC, and when placing an outgoing call to a target that then
forks Asterisk may experience undefined behavior (crashes, hangs, etc…)
after a dialog set is prematurely freed.

https://seclists.org/fulldisclosure/2022/Mar/1

CVE-2022-21723 / AST-2022-006: pjproject: unconstrained malformed multipart
SIP message

If an incoming SIP message contains a malformed multi-part body an out of
bounds read access may occur, which can result in undefined behavior.  Note,
it’s currently uncertain if there is any externally exploitable vector
within Asterisk for this issue, but providing this as a security issue out
of caution.

https://seclists.org/fulldisclosure/2022/Mar/2

16.25.2:

CVE-2022-26498 / AST-2022-001: res_stir_shaken: resource exhaustion with
large files

When using STIR/SHAKEN, it’s possible to download files that are not
certificates. These files could be much larger than what you would expect to
download.

https://seclists.org/fulldisclosure/2022/Apr/17

CVE-2022-26499 / AST-2022-002: res_stir_shaken: SSRF vulnerability with
Identity header

When using STIR/SHAKEN, it’s possible to send arbitrary requests like GET to
interfaces such as localhost using the Identity header.

https://seclists.org/fulldisclosure/2022/Apr/18

CVE-2022-26651 / AST-2022-003: func_odbc: Possible SQL Injection

Some databases can use backslashes to escape certain characters, such as
backticks.  If input is provided to func_odbc which includes backslashes it
is possible for func_odbc to construct a broken SQL query and the SQL query
to fail.

https://seclists.org/fulldisclosure/2022/Apr/19

Update hash of sha1.c after a doxygen comment update:
37c29b6a28

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-16 15:42:17 +02:00
..
0001-sounds-do-not-download-and-check-sha1s.patch
0002-configure-fix-detection-of-libcrypt.patch
0003-build-ensure-target-directory-for-modules-exists.patch
0004-install-samples-need-the-data-files.patch
0005-configure-fix-detection-of-re-entrant-resolver-funct.patch
asterisk.hash
asterisk.mk
Config.in