kumquat-buildroot/package/asterisk/asterisk.hash
Peter Korsgaard b3aaa725f1 package/asterisk: security bump to version 16.6.2
Fixes the following security vulnerabilities:

AST-2019-006: SIP request can change address of a SIP peer.
A SIP request can be sent to Asterisk that can change a SIP peer’s IP
address.  A REGISTER does not need to occur, and calls can be hijacked as a
result.  The only thing that needs to be known is the peer’s name;
authentication details such as passwords do not need to be known.  This
vulnerability is only exploitable when the “nat” option is set to the
default, or “auto_force_rport”.

https://downloads.asterisk.org/pub/security/AST-2019-006.pdf

AST-2019-007: AMI user could execute system commands.
A remote authenticated Asterisk Manager Interface (AMI) user without
“system” authorization could use a specially crafted “Originate” AMI request
to execute arbitrary system commands.

https://downloads.asterisk.org/pub/security/AST-2019-007.pdf

AST-2019-008: Re-invite with T.38 and malformed SDP causes crash.
If Asterisk receives a re-invite initiating T.38 faxing and has a port of 0
and no c line in the SDP, a crash will occur.

https://downloads.asterisk.org/pub/security/AST-2019-008.pdf

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-23 19:27:39 +01:00

16 lines
1.1 KiB
Plaintext

# Locally computed
sha256 474cbc6f9dddee94616f8af8e097bc4d340dc9698c4165dc45be6e0be80ff725 asterisk-16.6.2.tar.gz
# sha1 from: http://downloads.asterisk.org/pub/telephony/sounds/releases
# sha256 locally computed
sha1 721c512feaea102700d5bdce952fdc0bb29dc640 asterisk-core-sounds-en-gsm-1.6.1.tar.gz
sha256 d79c3d2044d41da8f363c447dfccc140be86b4fcc41b1ca5a60a80da52f24f2d asterisk-core-sounds-en-gsm-1.6.1.tar.gz
sha1 f40fd6ea03dfe8d72ada2540b2288bfdc006381d asterisk-moh-opsound-wav-2.03.tar.gz
sha256 449fb810d16502c3052fedf02f7e77b36206ac5a145f3dacf4177843a2fcb538 asterisk-moh-opsound-wav-2.03.tar.gz
# License files, locally computed
sha256 82af40ed7f49c08685360811993d9396320842f021df828801d733e8fdc0312f COPYING
sha256 ac5571f00e558e3b7c9b3f13f421b874cc12cf4250c4f70094c71544cf486312 main/sha1.c
sha256 6215e3ed73c3982a5c6701127d681ec0b9f1121ac78a28805bd93f93c3eb84c0 codecs/speex/speex_resampler.h
sha256 1ca2c7a7a1ae7ccd75212a8c1e85dd9ec92bdbc9170aafd97ea60459387755fd utils/db1-ast/include/db.h