AST-2017-011: Memory leak in pjsip session resource
Asterisk Project Security Advisory - AST-2017-011
Product Asterisk
Summary Memory leak in pjsip session resource
Nature of Advisory Memory leak
Susceptibility Remote Sessions
Severity Minor
Exploits Known No
Reported On October 15, 2017
Reported By Correy Farrell
Posted On
Last Updated On October 19, 2017
Advisory Contact kharwell AT digium DOT com
CVE Name
Description A memory leak occurs when an Asterisk pjsip session object
is created and that call gets rejected before the session
itself is fully established. When this happens the session
object never gets destroyed.
Resolution Asterisk now releases the session object and all associated
memory when a call gets rejected.
Affected Versions
Product Release
Series
Asterisk Open Source 13.x 13.5.0+
Asterisk Open Source 14.x All Releases
Asterisk Open Source 15.x All Releases
Certified Asterisk 13.13 All Releases
Corrected In
Product Release
Asterisk Open Source 13.18.1, 14.7.1, 15.1.1
Certified Asterisk 13.13-cert7
Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2017-011-13.diff Asterisk
13
http://downloads.asterisk.org/pub/security/AST-2017-011-14.diff Asterisk
14
http://downloads.asterisk.org/pub/security/AST-2017-011-15.diff Asterisk
15
http://downloads.asterisk.org/pub/security/AST-2017-011-13.13.diff Certified
Asterisk
13.13
Links https://issues.asterisk.org/jira/browse/ASTERISK-27345
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2017-011.pdf and
http://downloads.digium.com/pub/security/AST-2017-011.html
Revision History
Date Editor Revisions Made
October 19, 2017 Kevin Harwell Initial Revision
Asterisk Project Security Advisory - AST-2017-011
Copyright (c) 2017 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
AST-2017-010: Buffer overflow in CDR’s set user
Asterisk Project Security Advisory - AST-2017-010
Product Asterisk
Summary Buffer overflow in CDR's set user
Nature of Advisory Buffer Overflow
Susceptibility Remote Authenticated Sessions
Severity Moderate
Exploits Known No
Reported On October 9, 2017
Reported By Richard Mudgett
Posted On
Last Updated On October 25, 2017
Advisory Contact Rmudgett AT digium DOT com
CVE Name
Description No size checking is done when setting the user field for
Party B on a CDR. Thus, it is possible for someone to use
an arbitrarily large string and write past the end of the
user field storage buffer. The earlier AST-2017-001
advisory for the CDR user field overflow was for the Party
A buffer.
This currently affects any system using CDR's that also
make use of the following:
* The 'X-ClientCode' header within a SIP INFO message when
using chan_sip and
the 'useclientcode' option is enabled (note, it's disabled
by default).
* The CDR dialplan function executed from AMI when setting
the user field.
* The AMI Monitor action when using a long file name/path.
Resolution The CDR engine now only copies up to the maximum allowed
characters into the user field. Any characters outside the
maximum are truncated.
Affected Versions
Product Release
Series
Asterisk Open Source 13.x All Releases
Asterisk Open Source 14.x All Releases
Asterisk Open Source 15.x All Releases
Certified Asterisk 13.13 All Releases
Corrected In
Product Release
Asterisk Open Source 13.18.1, 14.7.1, 15.1.1
Certified Asterisk 13.13-cert7
Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2017-010-13.diff Asterisk
13
http://downloads.asterisk.org/pub/security/AST-2017-010-14.diff Asterisk
14
http://downloads.asterisk.org/pub/security/AST-2017-010-15.diff Asterisk
15
http://downloads.asterisk.org/pub/security/AST-2017-010-13.13.diff Certified
Asterisk
13.13
Links https://issues.asterisk.org/jira/browse/ASTERISK-27337
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2017-010.pdf and
http://downloads.digium.com/pub/security/AST-2017-010.html
Revision History
Date Editor Revisions Made
October 12, 2017 Richard Mudgett Initial Revision
Asterisk Project Security Advisory - AST-2017-010
Copyright © 2017 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
AST-2017-009: Buffer overflow in pjproject header parsing can cause crash in Asterisk
Asterisk Project Security Advisory - AST-2017-009
Product Asterisk
Summary Buffer overflow in pjproject header parsing can
cause crash in Asterisk
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Critical
Exploits Known No
Reported On October 5, 2017
Reported By Youngsung Kim at LINE Corporation
Posted On
Last Updated On October 25, 2017
Advisory Contact gjoseph AT digium DOT com
CVE Name
Description By carefully crafting invalid values in the Cseq and the
Via header port, pjproject’s packet parsing code can create
strings larger than the buffer allocated to hold them. This
will usually cause Asterisk to crash immediately. The
packets do not have to be authenticated.
Resolution Stricter validation is now done on strings that represent
numeric values before they are converted to intrinsic types.
Invalid values now cause packet processing to stop and error
messages to be emitted.
Affected Versions
Product Release Series
Asterisk Open Source 13.x All Releases
Asterisk Open Source 14.x All Releases
Asterisk Open Source 15.x All Releases
Certified Asterisk 13.13 All Releases
Corrected In
Product Release
Asterisk Open Source 13.18.1, 14.7.1, 15.1.1
Certified Asterisk 13.13-cert7
Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2017-009-13.diff Asterisk
13
http://downloads.asterisk.org/pub/security/AST-2017-009-14.diff Asterisk
14
http://downloads.asterisk.org/pub/security/AST-2017-009-15.diff Asterisk
15
http://downloads.asterisk.org/pub/security/AST-2017-009-13.13.diff Certified
Asterisk
13.13
Links https://issues.asterisk.org/jira/browse/ASTERISK-27319
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2017-009.pdf and
http://downloads.digium.com/pub/security/AST-2017-009.html
Revision History
Date Editor Revisions Made
October 25, 2017 George Joseph Initial Revision
Asterisk Project Security Advisory - AST-2017-009
Copyright © 2017 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
Rilasciato Asterisk 15.1.0
Il giorno 30 ottobre 2017, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 15.1.0.
Dal post originale:
The release of Asterisk 15.1.0 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
Improvements made in this release:
-----------------------------------
* ASTERISK-27278 - [patch] chan_sip: Provide access to read the full SIP Request-URI from INVITE (Reported by David J. Pryke)
...
Questo il link: Rilasciato Asterisk 15.1.0
Rilasciato Asterisk 14.7.0
Il giorno 30 ottobre 2017, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 14.7.0.
Dal post originale:
The release of Asterisk 14.7.0 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
Improvements made in this release:
-----------------------------------
* ASTERISK-27278 - [patch] chan_sip: Provide access to read the full SIP Request-URI from INVITE (Reported by David J. Pryke)
...
Questo il link: Rilasciato Asterisk 14.7.0
Rilascito Asterisk 13.18.0
Il giorno 30 ottobre 2017, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 13.18.0.
Dal post originale:
The release of Asterisk 13.18.0 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
Improvements made in this release:
-----------------------------------
* ASTERISK-27278 - [patch] chan_sip: Provide access to read the full SIP Request-URI from INVITE (Reported by David J. Pryke)
...
Questo il link: Rilasciato Asterisk 13.18.0
Rilasciato Asterisk 15.0.0
Il giorno 03 ottobre 2017, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 15.0.0.
Dal post originale:
The release of Asterisk 15.0.0 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
Improvements made in this release:
-----------------------------------
* ASTERISK-26230 - [patch] res_pjsip_mwi: unsolicited mwi could block PJSIP taskprocessor on startup (Reported by Alexei Gradinari)
...
Questo il link: Rilasciato Asterisk 15.0.0
AST-2017-008: RTP/RTCP information leak
Asterisk Project Security Advisory - AST-2017-008Product Asterisk
Summary RTP/RTCP information leak
Nature of Advisory Unauthorized data disclosure
Susceptibility Remote Unauthenticated Sessions
Severity Critical
Exploits Known Yes
Reported On September 1, 2017
Reported By Klaus-Peter Junghanns
Posted On September 19, 2017
Last Updated On September 19, 2017
Advisory Contact Richard Mudgett
CVE Name CVE-2017-14099Description This is a follow up advisory to AST-2017-005.
Insufficient RTCP packet validation could allow reading
stale buffer contents and when combined with the “nat†and
“symmetric_rtp†options allow redirecting where Asterisk
sends the next RTCP report.The RTP stream qualification to learn the source address of
media always accepted the first RTP packet as the new
source and allowed what AST-2017-005 was mitigating. The
intent was to qualify a series of packets before accepting
the new source address.Resolution The RTP/RTCP stack will now validate RTCP packets before
processing them. Packets failing validation are discarded.
RTP stream qualification now requires the intended series of
packets from the same address without seeing packets from a
different source address to accept a new source address.Affected Versions
Product Release
Series
Asterisk Open Source 11.x All Releases
Asterisk Open Source 13.x All Releases
Asterisk Open Source 14.x All Releases
Certified Asterisk 11.6 All Releases
Certified Asterisk 13.13 All ReleasesCorrected In
Product Release
Asterisk Open Source 11.25.3, 13.17.2, 14.6.2
Certified Asterisk 11.6-cert18, 13.13-cert6Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2017-008-11.diff Asterisk
11
http://downloads.asterisk.org/pub/security/AST-2017-008-13.diff Asterisk
13
http://downloads.asterisk.org/pub/security/AST-2017-008-14.diff Asterisk
14
http://downloads.asterisk.org/pub/security/AST-2017-008-11.6.diff Certified
Asterisk
11.6
http://downloads.asterisk.org/pub/security/AST-2017-008-13.13.diff Certified
Asterisk
13.13Links https://issues.asterisk.org/jira/browse/ASTERISK-27274
https://issues.asterisk.org/jira/browse/ASTERISK-27252
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/securityThis document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2017-008.pdf and
http://downloads.digium.com/pub/security/AST-2017-008.html
AST-2017-007: Remote Crash Vulerability in res_pjsip
Asterisk Project Security Advisory - AST-2017-007Product Asterisk
Summary Remote Crash Vulerability in res_pjsip
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Moderate
Exploits Known No
Reported On August 30, 2017
Reported By Ross Beer
Posted On
Last Updated On August 30, 2017
Advisory Contact George Joseph
CVE NameDescription A carefully crafted URI in a From, To or Contact header
could cause Asterisk to crash.Resolution Patched pjsip_message_ip_updater to properly ignore the
trigger URI.Affected Versions
Product Release Series
Asterisk Open Source 13.15.0
Asterisk Open Source 14.4.0Corrected In
Product Release
Asterisk Open Source 13.17.1, 14.6.1Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2017-007-13.diff Asterisk
13
http://downloads.asterisk.org/pub/security/AST-2017-007-14.diff Asterisk
14Links https://issues.asterisk.org/jira/browse/ASTERISK-27152
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/securityThis document may be superseded by later versions; if so, the latest
version will be posted at http://downloads.digium.com/pub/security/.pdf
and http://downloads.digium.com/pub/security/.html
AST-2017-006: Shell access command injection in app_minivm
Asterisk Project Security Advisory - AST-2017-006Product Asterisk
Summary Shell access command injection in app_minivm
Nature of Advisory Unauthorized command execution
Susceptibility Remote Authenticated Sessions
Severity Moderate
Exploits Known No
Reported On July 1, 2017
Reported By Corey Farrell
Posted On
Last Updated On July 11, 2017
Advisory Contact Richard Mudgett
CVE NameDescription The app_minivm module has an “externnotify†program
configuration option that is executed by the MinivmNotify
dialplan application. The application uses the caller-id
name and number as part of a built string passed to the OS
shell for interpretation and execution. Since the caller-id
name and number can come from an untrusted source, a
crafted caller-id name or number allows an arbitrary shell
command injection.Resolution Patched Asterisk’s app_minivm module to use a different
system call that passes argument strings in an array instead
of having the OS shell determine the application parameter
boundaries.Affected Versions
Product Release
Series
Asterisk Open Source 11.x All releases
Asterisk Open Source 13.x All releases
Asterisk Open Source 14.x All releases
Certified Asterisk 11.6 All releases
Certified Asterisk 13.13 All releasesCorrected In
Product Release
Asterisk Open Source 11.25.2, 13.17.1, 14.6.1
Certified Asterisk 11.6-cert17, 13.13-cert5Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2017-006-11.diff Asterisk
11
http://downloads.asterisk.org/pub/security/AST-2017-006-13.diff Asterisk
13
http://downloads.asterisk.org/pub/security/AST-2017-006-14.diff Asterisk
14
http://downloads.asterisk.org/pub/security/AST-2017-006-11.6.diff Certified
Asterisk
11.6
http://downloads.asterisk.org/pub/security/AST-2017-006-13.13.diff Certified
Asterisk
13.13Links https://issues.asterisk.org/jira/browse/ASTERISK-27103
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/securityThis document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2017-006.pdf and
http://downloads.digium.com/pub/security/AST-2017-006.html
AST-2017-005: Media takeover in RTP stack
Asterisk Project Security Advisory - AST-2017-005Product Asterisk
Summary Media takeover in RTP stack
Nature of Advisory Unauthorized data disclosure
Susceptibility Remote Unauthenticated Sessions
Severity Critical
Exploits Known No
Reported On May 17, 2017
Reported By Klaus-Peter Junghanns
Posted On
Last Updated On August 30, 2017
Advisory Contact Joshua Colp
CVE NameDescription The "strictrtp" option in rtp.conf enables a feature of the
RTP stack that learns the source address of media for a
session and drops any packets that do not originate from
the expected address. This option is enabled by default in
Asterisk 11 and above.The "nat" and "rtp_symmetric" options for chan_sip and
chan_pjsip respectively enable symmetric RTP support in the
RTP stack. This uses the source address of incoming media
as the target address of any sent media. This option is not
enabled by default but is commonly enabled to handle
devices behind NAT.A change was made to the strict RTP support in the RTP
stack to better tolerate late media when a reinvite occurs.
When combined with the symmetric RTP support this
introduced an avenue where media could be hijacked. Instead
of only learning a new address when expected the new code
allowed a new source address to be learned at all times.If a flood of RTP traffic was received the strict RTP
support would allow the new address to provide media and
with symmetric RTP enabled outgoing traffic would be sent
to this new address, allowing the media to be hijacked.
Provided the attacker continued to send traffic they would
continue to receive traffic as well.Resolution The RTP stack will now only learn a new source address if it
has been told to expect the address to change. The RTCP
support has now also been updated to drop RTCP reports that
are not regarding the RTP session currently in progress. The
strict RTP learning progress has also been improved to guard
against a flood of RTP packets attempting to take over the
media stream.Affected Versions
Product Release
Series
Asterisk Open Source 11.x 11.4.0
Asterisk Open Source 13.x All Releases
Asterisk Open Source 14.x All Releases
Certified Asterisk 11.6 All Releases
Certified Asterisk 13.13 All ReleasesCorrected In
Product Release
Asterisk Open Source 11.25.2, 13.17.1, 14.6.1
Certified Asterisk 11.6-cert17, 13.13-cert5Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2017-005-11.diff Asterisk
11
http://downloads.asterisk.org/pub/security/AST-2017-005-13.diff Asterisk
13
http://downloads.asterisk.org/pub/security/AST-2017-005-14.diff Asterisk
14
http://downloads.asterisk.org/pub/security/AST-2017-005-11.6.diff Certified
Asterisk
11.6
http://downloads.asterisk.org/pub/security/AST-2017-005-13.13.diff Certified
Asterisk
13.13Links https://issues.asterisk.org/jira/browse/ASTERISK-27013
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/securityThis document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2017-005.pdf and
http://downloads.digium.com/pub/security/AST-2017-005.html
Rilasciata beta di Asterisk 15 (no LTS)
Dal post di Matt Fredrickson:
It is with great pleasure I wish to inform the world of the first beta release of the new Asterisk 15 branch. It’s a very exciting time to be a user of Asterisk! Asterisk 15 is arguably the biggest release of Asterisk that has happened in the last 10 or so years. There has been a lot of work done in the Asterisk core to better support newer multi-stream video and WebRTC related technologies. For those who are interested, much of this will be covered in blog posts over the next month or two.
Typically, when a new major branch of Asterisk is created (13, 14, 15…), there are a few months of testing on the new branch that occurs prior to release in order to find regressions and other issues that may cause a first official release from the branch to be dead on arrival for a significant number of users. With today’s release of 15.0.0-beta1, this process has begun. Please feel free to start testing this version of Asterisk in as many adverse environments as possible. Any bugs should be reported on the Asterisk issue tracker at https://issues.asterisk.org/
As a side note, due to many of the core changes in the 15 branch that have been made since Asterisk 14 was released, it has been decided that Asterisk 15 will not be an LTS release. For those of you who are not familiar with the differences between LTS versus standard releases, you can find more information here.
Thanks to all the many Asterisk community members for providing so much help and support to make Asterisk the great open source project that it is.
Questo il link del post:
https://wiki.asterisk.org/wiki/display/AST/New+in+15
Rilasciato Asterisk 14.6.0.
Il giorno 12 giugno 2017, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 14.6.0.
Dal post originale:
The following issues are resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-27108 - Crash using 'data get' CLI command (Reported by Sean Bright)
* ASTERISK-27106 - [patch] autodomain (SIP Domain Support): Add only really different domain with TLS. (Reported by Alexander Traud)
* ASTERISK-27100 - channel: ast_waitfordigit_full fails to clear flag in an error branch. (Reported by Corey Farrell)
* ASTERISK-27090 - PJSIP: Deadlock using TCP transport (Reported by Richard Mudgett)
* ASTERISK-25665 - Duplicate logging in queue log for EXITEMPTY events (Reported by Ove Aursand)
* ASTERISK-27065 - call hangup after leaving app_queue (Reported by Marek Cervenka)
* ASTERISK-26978 - rtp: Crash in ast_rtp_codecs_payload_code() (Reported by Ross Beer)
* ASTERISK-27074 - core_local: local channel data not being properly unref'ed and unlocked (Reported by Kevin Harwell)
* ASTERISK-27075 - bridge: stuck channel(s) after failed attended transfer (Reported by Kevin Harwell)
* ASTERISK-24052 - app_voicemail reloads result in leaked IMAP sockets. (Reported by Louis Jocelyn Paquet)
* ASTERISK-27060 - Comment typo format_g729.c (Reported by Matthew Fredrickson)
* ASTERISK-27026 - res_ari: Crash when no ari.conf configuration file exists (Reported by Ronald Raikes)
* ASTERISK-27041 - Core/PBX: [patch] Deadlock between dialplan execution and application unregistration (Reported by Frederic LE FOLL)
* ASTERISK-27057 - Seg Fault in ast_sorcery_object_get_id at sorcery.c (Reported by Ryan Smith)
* ASTERISK-27024 - nat/external_media settings ignored in 14.4.1 (Reported by Christopher van de Sande)
* ASTERISK-27046 - res_pjsip_transport_websocket: segfault in get_write_timeout (Reported by Jørgen H)
* ASTERISK-27022 - res_rtp_asterisk: Incorrect SSRC change for RTCP component (Reported by Michael Walton)
* ASTERISK-26923 - bridging: T.38 request is lost when channels are added to bridge (Reported by Torrey Searle)
* ASTERISK-27053 - res_pjsip_refer/session: Calls dropped during transfer (Reported by Kevin Harwell)
* ASTERISK-27052 - Asterisk build process fails with flag --with-pjproject-bundled with curl download command and slow network (Reported by alex)
* ASTERISK-27039 - chan_pjsip: Device state is idle when channel from endpoint is in early media (Reported by Joshua Colp)
* ASTERISK-26996 - chan_pjsip: Flipping between codecs (Reported by Michael Maier)
* ASTERISK-26281 - chan_pjsip would send INVITE to 'Unreachable' endpoints (Reported by Jacek Konieczny)
* ASTERISK-26973 - bridge: Crash when freeing frame and snooping (Reported by Michel R. Vaillancourt)
* ASTERISK-19291 - Background in realtime (Reported by Andrew Nowrot)
* ASTERISK-27025 - channel / meetme: Fix missing parentheses (Reported by Joshua Colp)
* ASTERISK-27021 - GET /recordings/stored returns 500 Internal Server Error (Reported by Tim Morgan)
* ASTERISK-24858 - [patch]Asterisk 13 PJSIP sends RTP packets in wrong byte order on Intel platform when using slin codec (Reported by Frankie Chin)
* ASTERISK-23951 - Asterisk attempts and fails to build format_mp3 even if mp3lib was not downloaded (Reported by Tzafrir Cohen)
* ASTERISK-25294 - srtp's crypto_get_random deprecated (Reported by Tzafrir Cohen)
* ASTERISK-23839 - AGI - RECORD FILE - documentation doesn't describe BEEP argument (Reported by Rusty Newton)
* ASTERISK-22432 - Async AGI crashes Asterisk when issuing "set variable" command without args (Reported by Antoine Pitrou)
* ASTERISK-25662 - Malformed AGI 520 Usage response (Reported by Tony Mountifield)
* ASTERISK-25101 - DTLS configuration can not be specified in the general section - documentation (Reported by Ben Langfeld)
* ASTERISK-27008 - res_format_attr_h264: SDP parse fails if fmtp optional parameters have a space (Reported by John Harris)
* ASTERISK-26399 - app_queue: Agent not called when caller is parked (Reported by wushumasters)
* ASTERISK-26400 - app_queue: Queue member stops being called after AMI "Redirect" action for queues with wrapuptime (Reported by Etienne Lessard)
* ASTERISK-26715 - app_queue: Member will not receive any new calls after doing a transfer if wrapuptime = greater than 0 and using Local channel (Reported by David Brillert)
* ASTERISK-26975 - app_queue: Non-zero wrapup time can cause agents not to receive queue calls after transfer queue call (Reported by Lorne Gaetz)
* ASTERISK-27012 - app_confbridge: ConfBridge sometimes does not play user name recording while leaving (Reported by Robert Mordec)
* ASTERISK-26979 - res_rtp_asterisk: SRTP unprotect failed with authentication failure 10 or 110 (Reported by Javier Riveros )
* ASTERISK-26982 - chan_sip: rtcp_mux setting may cause ice completion failure/delay if client offers rtcp-mux as negotiable (Reported by Stefan Engström)
* ASTERISK-26964 - res_pjsip_session: Wrong From on reinvite when request and To URI differ (Reported by Yasin CANER)
* ASTERISK-26789 - Audit manipulation of channel flags without locks (Reported by Joshua Colp)
* ASTERISK-26333 - Problems with Blind Transfer, PJSIP (Aastra 6869i) (Reported by Matthias Binder)
Improvements made in this release:
-----------------------------------
* ASTERISK-26230 - [patch] res_pjsip_mwi: unsolicited mwi could block PJSIP taskprocessor on startup (Reported by Alexei Gradinari)
* ASTERISK-27043 - Core/BuildSystem: Add defines to fix build with LibreSSL (Reported by Guido Falsi)
* ASTERISK-27042 - Unpatched asterisk sources fail to build on FreeBSD due to missing crypt.h file (Reported by Guido Falsi)
* ASTERISK-26419 - audiohooks: Remove redundant codec translations when using audiohooks (Reported by Michael Walton)
* ASTERISK-26976 - libsrtp-2.x.x support (Reported by Alex)
* ASTERISK-26124 - res_agi: Set audio format for EAGI audio stream (Reported by John Fawcett)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-14.6.0
Rilasciato Asterisk 13.17.0
Il giorno 12 giugno 2017, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 13.17.0.
Dal post originale:
The following issues are resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-27108 - Crash using 'data get' CLI command (Reported by Sean Bright)
* ASTERISK-27106 - [patch] autodomain (SIP Domain Support): Add only really different domain with TLS. (Reported by Alexander Traud)
* ASTERISK-27100 - channel: ast_waitfordigit_full fails to clear flag in an error branch. (Reported by Corey Farrell)
* ASTERISK-27090 - PJSIP: Deadlock using TCP transport (Reported by Richard Mudgett)
* ASTERISK-25665 - Duplicate logging in queue log for EXITEMPTY events (Reported by Ove Aursand)
* ASTERISK-27065 - call hangup after leaving app_queue (Reported by Marek Cervenka)
* ASTERISK-26978 - rtp: Crash in ast_rtp_codecs_payload_code() (Reported by Ross Beer)
* ASTERISK-27074 - core_local: local channel data not being properly unref'ed and unlocked (Reported by Kevin Harwell)
* ASTERISK-27075 - bridge: stuck channel(s) after failed attended transfer (Reported by Kevin Harwell)
* ASTERISK-24052 - app_voicemail reloads result in leaked IMAP sockets. (Reported by Louis Jocelyn Paquet)
* ASTERISK-27060 - Comment typo format_g729.c (Reported by Matthew Fredrickson)
* ASTERISK-27026 - res_ari: Crash when no ari.conf configuration file exists (Reported by Ronald Raikes)
* ASTERISK-27041 - Core/PBX: [patch] Deadlock between dialplan execution and application unregistration (Reported by Frederic LE FOLL)
* ASTERISK-27057 - Seg Fault in ast_sorcery_object_get_id at sorcery.c (Reported by Ryan Smith)
* ASTERISK-27024 - nat/external_media settings ignored in 14.4.1 (Reported by Christopher van de Sande)
* ASTERISK-27046 - res_pjsip_transport_websocket: segfault in get_write_timeout (Reported by Jørgen H)
* ASTERISK-27022 - res_rtp_asterisk: Incorrect SSRC change for RTCP component (Reported by Michael Walton)
* ASTERISK-26923 - bridging: T.38 request is lost when channels are added to bridge (Reported by Torrey Searle)
* ASTERISK-27053 - res_pjsip_refer/session: Calls dropped during transfer (Reported by Kevin Harwell)
* ASTERISK-27052 - Asterisk build process fails with flag --with-pjproject-bundled with curl download command and slow network (Reported by alex)
* ASTERISK-27039 - chan_pjsip: Device state is idle when channel from endpoint is in early media (Reported by Joshua Colp)
* ASTERISK-26996 - chan_pjsip: Flipping between codecs (Reported by Michael Maier)
* ASTERISK-26281 - chan_pjsip would send INVITE to 'Unreachable' endpoints (Reported by Jacek Konieczny)
* ASTERISK-26973 - bridge: Crash when freeing frame and snooping (Reported by Michel R. Vaillancourt)
* ASTERISK-19291 - Background in realtime (Reported by Andrew Nowrot)
* ASTERISK-27025 - channel / meetme: Fix missing parentheses (Reported by Joshua Colp)
* ASTERISK-27021 - GET /recordings/stored returns 500 Internal Server Error (Reported by Tim Morgan)
* ASTERISK-24858 - [patch]Asterisk 13 PJSIP sends RTP packets in wrong byte order on Intel platform when using slin codec (Reported by Frankie Chin)
* ASTERISK-23951 - Asterisk attempts and fails to build format_mp3 even if mp3lib was not downloaded (Reported by Tzafrir Cohen)
* ASTERISK-25294 - srtp's crypto_get_random deprecated (Reported by Tzafrir Cohen)
* ASTERISK-23839 - AGI - RECORD FILE - documentation doesn't describe BEEP argument (Reported by Rusty Newton)
* ASTERISK-22432 - Async AGI crashes Asterisk when issuing "set variable" command without args (Reported by Antoine Pitrou)
* ASTERISK-25662 - Malformed AGI 520 Usage response (Reported by Tony Mountifield)
* ASTERISK-25101 - DTLS configuration can not be specified in the general section - documentation (Reported by Ben Langfeld)
* ASTERISK-27008 - res_format_attr_h264: SDP parse fails if fmtp optional parameters have a space (Reported by John Harris)
* ASTERISK-26399 - app_queue: Agent not called when caller is parked (Reported by wushumasters)
* ASTERISK-26400 - app_queue: Queue member stops being called after AMI "Redirect" action for queues with wrapuptime (Reported by Etienne Lessard)
* ASTERISK-26715 - app_queue: Member will not receive any new calls after doing a transfer if wrapuptime = greater than 0 and using Local channel (Reported by David Brillert)
* ASTERISK-26975 - app_queue: Non-zero wrapup time can cause agents not to receive queue calls after transfer queue call (Reported by Lorne Gaetz)
* ASTERISK-27012 - app_confbridge: ConfBridge sometimes does not play user name recording while leaving (Reported by Robert Mordec)
* ASTERISK-26979 - res_rtp_asterisk: SRTP unprotect failed with authentication failure 10 or 110 (Reported by Javier Riveros )
* ASTERISK-26982 - chan_sip: rtcp_mux setting may cause ice completion failure/delay if client offers rtcp-mux as negotiable (Reported by Stefan Engström)
* ASTERISK-26964 - res_pjsip_session: Wrong From on reinvite when request and To URI differ (Reported by Yasin CANER)
* ASTERISK-26789 - Audit manipulation of channel flags without locks (Reported by Joshua Colp)
* ASTERISK-26333 - Problems with Blind Transfer, PJSIP (Aastra 6869i) (Reported by Matthias Binder)
Improvements made in this release:
-----------------------------------
* ASTERISK-26230 - [patch] res_pjsip_mwi: unsolicited mwi could block PJSIP taskprocessor on startup (Reported by Alexei Gradinari)
* ASTERISK-27043 - Core/BuildSystem: Add defines to fix build with LibreSSL (Reported by Guido Falsi)
* ASTERISK-27042 - Unpatched asterisk sources fail to build on FreeBSD due to missing crypt.h file (Reported by Guido Falsi)
* ASTERISK-26419 - audiohooks: Remove redundant codec translations when using audiohooks (Reported by Michael Walton)
* ASTERISK-26976 - libsrtp-2.x.x support (Reported by Alex)
* ASTERISK-26124 - res_agi: Set audio format for EAGI audio stream (Reported by John Fawcett)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.17.0
AST-2017-004: Memory exhaustion on short SCCP packets
Asterisk Project Security Advisory - AST-2017-004Product Asterisk
Summary Memory exhaustion on short SCCP packets
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Critical
Exploits Known No
Reported On April 13, 2017
Reported By Sandro Gauci
Posted On
Last Updated On April 13, 2017
Advisory Contact George Joseph <gjoseph AT digium DOT com>
CVE NameDescription A remote memory exhaustion can be triggered by sending an
SCCP packet to Asterisk system with “chan_skinny†enabled
that is larger than the length of the SCCP header but
smaller than the packet length specified in the header. The
loop that reads the rest of the packet doesn’t detect that
the call to read() returned end-of-file before the expected
number of bytes and continues infinitely. The “partial
data†message logging in that tight loop causes Asterisk to
exhaust all available memory.Resolution If support for the SCCP protocol is not required, remove or
disable the module.If support for SCCP is required, an upgrade to Asterisk will
be necessary.Affected Versions
Product Release Series
Asterisk Open Source 11.x Unaffected
Asterisk Open Source 13.x All versions
Asterisk Open Source 14.x All versions
Certified Asterisk 13.13 All versionsCorrected In
Product Release
Asterisk Open Source 13.15.1, 14.4.1
Certified Asterisk 13.13-cert4Patches
SVN URL RevisionLinks
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/securityThis document may be superseded by later versions; if so, the latest
version will be posted at http://downloads.digium.com/pub/security/.pdf
and http://downloads.digium.com/pub/security/.htmlRevision History
Date Editor Revisions Made
13 April 2017 George Joseph Initial report createdAsterisk Project Security Advisory -
Copyright © 2017 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.