kumquat-buildroot/package/asterisk
Peter Korsgaard b3aaa725f1 package/asterisk: security bump to version 16.6.2
Fixes the following security vulnerabilities:

AST-2019-006: SIP request can change address of a SIP peer.
A SIP request can be sent to Asterisk that can change a SIP peer’s IP
address.  A REGISTER does not need to occur, and calls can be hijacked as a
result.  The only thing that needs to be known is the peer’s name;
authentication details such as passwords do not need to be known.  This
vulnerability is only exploitable when the “nat” option is set to the
default, or “auto_force_rport”.

https://downloads.asterisk.org/pub/security/AST-2019-006.pdf

AST-2019-007: AMI user could execute system commands.
A remote authenticated Asterisk Manager Interface (AMI) user without
“system” authorization could use a specially crafted “Originate” AMI request
to execute arbitrary system commands.

https://downloads.asterisk.org/pub/security/AST-2019-007.pdf

AST-2019-008: Re-invite with T.38 and malformed SDP causes crash.
If Asterisk receives a re-invite initiating T.38 faxing and has a port of 0
and no c line in the SDP, a crash will occur.

https://downloads.asterisk.org/pub/security/AST-2019-008.pdf

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-23 19:27:39 +01:00
..
0001-sounds-do-not-download-and-check-sha1s.patch
0002-configure-fix-detection-of-libcrypt.patch
0003-build-ensure-target-directory-for-modules-exists.patch
0004-install-samples-need-the-data-files.patch
0005-configure-fix-detection-of-re-entrant-resolver-funct.patch package/asterisk: enable for uclibc toolchains 2018-12-09 22:23:08 +01:00
asterisk.hash package/asterisk: security bump to version 16.6.2 2019-11-23 19:27:39 +01:00
asterisk.mk package/asterisk: security bump to version 16.6.2 2019-11-23 19:27:39 +01:00
Config.in package/asterisk: needs threads 2019-01-12 18:40:41 +01:00