Your message dated Tue, 12 Jun 2012 21:02:18 +0000
with message-id <e1seyee-00087w...@franck.debian.org>
and subject line Bug#675204: fixed in asterisk 1:1.6.2.9-2+squeeze6
has caused the Debian Bug report #675204,
regarding asterisk: AST-2012-007 (CVE-2012-2947): crash on IAX receiving HOLD without MOH class
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
675204: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675204
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: asterisk
Version: 1:1.8.11.1~dfsg-1
Severity: grave
Tags: upstream patch security
Justification: user security hole
A remotely exploitable crash vulnerability exists in the IAX2 channel
driver if an established call is placed on hold without a suggested
music class. For this to occur, the following must take place:
1. The setting mohinterpret=passthrough must be set on the end placing the call on hold.
2. A call must be established.
3. The call is placed on hold without a suggested music-on-hold class name.
When these conditions are true, Asterisk will attempt to use an invalid
pointer to a music-on-hold class name. Use of the invalid pointer will
either cause a crash or the music-on-hold class name will be garbage.
The issue applies to the version in Stable (1.6.2.9) as well.
In the default settings used by the Debian package, on-hold music will be
defined if available (e.g. if any asterisk-moh-opsound package is
installed).
-- System Information:
Debian Release: wheezy/sid
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=he_IL.UTF-8, LC_CTYPE=he_IL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages asterisk depends on:
ii adduser 3.113+nmu2
ii asterisk-config 1:1.8.12.0~rc3~dfsg-0.9674
ii asterisk-core-sounds-en [asterisk-prompt-en] 1.4.21-2
ii asterisk-modules 1:1.8.12.0~rc3~dfsg-0.9674
ii asterisk-sounds-main [asterisk-prompt-en] 1:1.8.3.3-0.8891
ii libc6 2.13-32
ii libcap2 1:2.22-1
ii libgcc1 1:4.7.0-8
ii libssl1.0.0 1.0.1c-1
ii libstdc++6 4.7.0-8
ii libtinfo5 5.9-7
ii libxml2 2.7.8.dfsg-9.1
Versions of packages asterisk recommends:
ii asterisk-moh-opsound-gsm 2.03-1
ii asterisk-voicemail [asterisk-voicemail-storage] 1:1.8.12.0~rc3~dfsg-0.9674
ii sox 14.3.2-3
Versions of packages asterisk suggests:
pn asterisk-dahdi 1:1.8.12.0~rc3~dfsg-0.9674
pn asterisk-dev 1:1.8.12.0~rc3~dfsg-0.9674
pn asterisk-doc 1:1.8.12.0~rc3~dfsg-0.9674
pn asterisk-ooh323 <none>
-- no debconf information
--- End Message ---
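The defect the report describes, modelled as an added illustration: this is not Asterisk's code, and the enum, struct and function names are constructed. Passthrough mode forwards whatever class name the peer suggested; the unchecked variant hands back a NULL pointer when no MUSICONHOLD element was received, the checked variant falls back to the locally configured class (interpret mode is simplified here to "always use the local class").

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical model of the IAX2 hold path described in the report; these
 * names are constructed for illustration and are not Asterisk's own code. */
enum moh_mode { MOH_INTERPRET, MOH_PASSTHROUGH };

/* A HOLD frame carries an optional music-on-hold information element;
 * when the peer suggests no class the decoded field stays NULL. */
struct iax_hold_frame {
    const char *suggested_class;
};

/* Defective pattern: in passthrough mode the class name is taken straight
 * from the frame, so a missing element yields NULL (or garbage, if the field
 * was never initialised), which the MOH subsystem then dereferences. */
const char *unchecked_moh_class(enum moh_mode mode,
                                const struct iax_hold_frame *f,
                                const char *local_default)
{
    return (mode == MOH_PASSTHROUGH) ? f->suggested_class : local_default;
}

/* Hardened pattern: passthrough only honours a suggestion that is actually
 * present and non-empty; otherwise the locally configured class is used,
 * so the caller always receives a valid, NUL-terminated string. */
const char *checked_moh_class(enum moh_mode mode,
                              const struct iax_hold_frame *f,
                              const char *local_default)
{
    if (mode == MOH_PASSTHROUGH && f->suggested_class != NULL
        && f->suggested_class[0] != '\0') {
        return f->suggested_class;
    }
    return local_default;
}
```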
--- Begin Message ---
Source: asterisk
Source-Version: 1:1.6.2.9-2+squeeze6
We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:
asterisk-config_1.6.2.9-2+squeeze6_all.deb
to main/a/asterisk/asterisk-config_1.6.2.9-2+squeeze6_all.deb
asterisk-dbg_1.6.2.9-2+squeeze6_amd64.deb
to main/a/asterisk/asterisk-dbg_1.6.2.9-2+squeeze6_amd64.deb
asterisk-dev_1.6.2.9-2+squeeze6_all.deb
to main/a/asterisk/asterisk-dev_1.6.2.9-2+squeeze6_all.deb
asterisk-doc_1.6.2.9-2+squeeze6_all.deb
to main/a/asterisk/asterisk-doc_1.6.2.9-2+squeeze6_all.deb
asterisk-h323_1.6.2.9-2+squeeze6_amd64.deb
to main/a/asterisk/asterisk-h323_1.6.2.9-2+squeeze6_amd64.deb
asterisk-sounds-main_1.6.2.9-2+squeeze6_all.deb
to main/a/asterisk/asterisk-sounds-main_1.6.2.9-2+squeeze6_all.deb
asterisk_1.6.2.9-2+squeeze6.debian.tar.gz
to main/a/asterisk/asterisk_1.6.2.9-2+squeeze6.debian.tar.gz
asterisk_1.6.2.9-2+squeeze6.dsc
to main/a/asterisk/asterisk_1.6.2.9-2+squeeze6.dsc
asterisk_1.6.2.9-2+squeeze6_amd64.deb
to main/a/asterisk/asterisk_1.6.2.9-2+squeeze6_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 675...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tzafrir Cohen <tzaf...@debian.org> (supplier of updated asterisk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
Format: 1.8
Date: Wed, 30 May 2012 15:01:36 +0300
Source: asterisk
Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg asterisk-sounds-main asterisk-config
Architecture: source all amd64
Version: 1:1.6.2.9-2+squeeze6
Distribution: stable-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org>
Changed-By: Tzafrir Cohen <tzaf...@debian.org>
Description:
asterisk - Open Source Private Branch Exchange (PBX)
asterisk-config - Configuration files for Asterisk
asterisk-dbg - Debugging symbols for Asterisk
asterisk-dev - Development files for Asterisk
asterisk-doc - Source code documentation for Asterisk
asterisk-h323 - H.323 protocol support for Asterisk
asterisk-sounds-main - Core Sound files for Asterisk (English)
Closes: 675204 675210
Changes:
asterisk (1:1.6.2.9-2+squeeze6) stable-security; urgency=high
.
* Patch AST-2012-007 (CVE-2012-2947): Fix IAX receiving HOLD without
suggested MOH class crash (Closes: #675204).
* Patch AST-2012-008 (CVE-2012-2948): remote crash issue in chan_skinny
(Closes: #675210).
- Patch skinny_fix_16040: A minor bugfix required to cleanly apply it.
Checksums-Sha1:
Checksums-Sha256:
Files:
--- End Message ---