829777c1c9
Fixes the following security issues: - CVE-2021-41105: FreeSWITCH susceptible to Denial of Service via invalid SRTP packets When handling SRTP calls, FreeSWITCH is susceptible to a DoS where calls can be terminated by remote attackers. This attack can be done continuously, thus denying encrypted calls during the attack. https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36 - CVE-2021-41157: FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj - CVE-2021-37624: FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing By default, SIP requests of the type MESSAGE (RFC 3428) are not authenticated in the affected versions of FreeSWITCH. MESSAGE requests are relayed to SIP user agents registered with the FreeSWITCH server without requiring any authentication. Although this behaviour can be changed by setting the auth-messages parameter to true, it is not the default setting. https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3 - CVE-2021-41145: FreeSWITCH susceptible to Denial of Service via SIP flooding When flooding FreeSWITCH with SIP messages, it was observed that after a number of seconds the process was killed by the operating system due to memory exhaustion https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m - CVE-2021-41158: FreeSWITCH vulnerable to SIP digest leak for configured gateways An attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway. https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4 Release notes: https://github.com/signalwire/freeswitch/releases/tag/v1.10.7 Removed patch, upstream applied a different fix:e9fde845deAdded optional dependency to libks, needed due to upstream commited98516666Added upstream patches to fix build errors. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> [Peter: mention security fixes] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
27 lines
1.2 KiB
Diff
27 lines
1.2 KiB
Diff
From 68039d344d8e826e8b403c9cd0284fd07b4495ac Mon Sep 17 00:00:00 2001
|
|
From: Dragos Oancea <dragos@signalwire.com>
|
|
Date: Tue, 26 Oct 2021 08:42:58 +0000
|
|
Subject: [PATCH] [core] fix build SWITCH_BYTE_ORDER == __BIG_ENDIAN
|
|
|
|
Downloaded from upstream commit:
|
|
https://github.com/signalwire/freeswitch/commit/68039d344d8e826e8b403c9cd0284fd07b4495ac
|
|
|
|
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
|
|
---
|
|
src/switch_rtp.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/switch_rtp.c b/src/switch_rtp.c
|
|
index 1880bbb19c..843ee81381 100644
|
|
--- a/src/switch_rtp.c
|
|
+++ b/src/switch_rtp.c
|
|
@@ -2155,7 +2155,7 @@ static void switch_send_rtcp_event(switch_rtp_t *rtp_session ,struct switch_rtcp
|
|
switch_event_add_header_string(event, SWITCH_STACK_BOTTOM, header, value);
|
|
snprintf(header, sizeof(header), "Source-Lost");
|
|
#if SWITCH_BYTE_ORDER == __BIG_ENDIAN
|
|
- tmpLost = report->lost; /* signed 24bit will extended signess to int32_t automatically */
|
|
+ tmpLost = rtcp_report_block->lost; /* signed 24bit will extended signess to int32_t automatically */
|
|
#else
|
|
tmpLost = ntohl(rtcp_report_block->lost)>>8;
|
|
tmpLost = tmpLost | ((tmpLost & 0x00800000) ? 0xff000000 : 0x00000000); /* ...and signess compensation */
|