b3aaa725f1
Fixes the following security vulnerabilities: AST-2019-006: SIP request can change address of a SIP peer. A SIP request can be sent to Asterisk that can change a SIP peer’s IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer’s name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the “nat” option is set to the default, or “auto_force_rport”. https://downloads.asterisk.org/pub/security/AST-2019-006.pdf AST-2019-007: AMI user could execute system commands. A remote authenticated Asterisk Manager Interface (AMI) user without “system” authorization could use a specially crafted “Originate” AMI request to execute arbitrary system commands. https://downloads.asterisk.org/pub/security/AST-2019-007.pdf AST-2019-008: Re-invite with T.38 and malformed SDP causes crash. If Asterisk receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a crash will occur. https://downloads.asterisk.org/pub/security/AST-2019-008.pdf Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
16 lines
1.1 KiB
Plaintext
16 lines
1.1 KiB
Plaintext
# Locally computed
|
|
sha256 474cbc6f9dddee94616f8af8e097bc4d340dc9698c4165dc45be6e0be80ff725 asterisk-16.6.2.tar.gz
|
|
|
|
# sha1 from: http://downloads.asterisk.org/pub/telephony/sounds/releases
|
|
# sha256 locally computed
|
|
sha1 721c512feaea102700d5bdce952fdc0bb29dc640 asterisk-core-sounds-en-gsm-1.6.1.tar.gz
|
|
sha256 d79c3d2044d41da8f363c447dfccc140be86b4fcc41b1ca5a60a80da52f24f2d asterisk-core-sounds-en-gsm-1.6.1.tar.gz
|
|
sha1 f40fd6ea03dfe8d72ada2540b2288bfdc006381d asterisk-moh-opsound-wav-2.03.tar.gz
|
|
sha256 449fb810d16502c3052fedf02f7e77b36206ac5a145f3dacf4177843a2fcb538 asterisk-moh-opsound-wav-2.03.tar.gz
|
|
|
|
# License files, locally computed
|
|
sha256 82af40ed7f49c08685360811993d9396320842f021df828801d733e8fdc0312f COPYING
|
|
sha256 ac5571f00e558e3b7c9b3f13f421b874cc12cf4250c4f70094c71544cf486312 main/sha1.c
|
|
sha256 6215e3ed73c3982a5c6701127d681ec0b9f1121ac78a28805bd93f93c3eb84c0 codecs/speex/speex_resampler.h
|
|
sha256 1ca2c7a7a1ae7ccd75212a8c1e85dd9ec92bdbc9170aafd97ea60459387755fd utils/db1-ast/include/db.h
|