Bug#633481: marked as done (asterisk: Security upgrade for Lenny missing ast_str_strlen symbol)

Debian Bug Tracking System Mon, 25 Jul 2011 18:57:27 -0700

Your message dated Tue, 26 Jul 2011 01:54:27 +0000
with message-id <[email protected]>
and subject line Bug#633481: fixed in asterisk 1:1.4.21.2~dfsg-3+lenny5
has caused the Debian Bug report #633481,
regarding asterisk: Security upgrade for Lenny missing ast_str_strlen symbol
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
633481: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633481
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: asterisk
Version: 1:1.4.21.2~dfsg-3+lenny3
Severity: grave
Justification: renders package unusable


I installed the latest security patch for Asterisk on my Lenny system
today. It starts successfully, but immediately exits. When I start it
from the command line with the -v parameter, the last few lines of
output are:

app_mixmonitor.so => (Mixed Audio Monitoring Application)
app_authenticate.so => (Authentication Application)
func_groupcount.so => (Channel group dialplan functions)
app_milliwatt.so => (Digital Milliwatt (mu-law) Test Application)
app_image.so => (Image Transmission Application)
app_adsiprog.so => (Asterisk ADSI Programming Application)
Asterisk Ready.
asterisk: symbol lookup error: /usr/lib/asterisk/modules/chan_sip.so: undefined 
symbol: ast_str_strlen

To me, the last line of output suggests that the security fix to
chan_sip uses a function named ast_str_strlen that isn't available in
the Lenny version of asterisk.

Upong rolling back to the 1.4.21.2~dfsg-3+lenny2.1 version, asterisk
starts fine. No changes to the configs were made with either the install
or the rollback.

I marked this "grave" because my previously functioning installation
became non-fuctioning. I suspect this will affect all users with SIP
channels, which is I believe is a large percentage of users.


Mike McCallister


-- System Information:
Debian Release: 5.0.3
  APT prefers oldstable
  APT policy: (991, 'oldstable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/3 CPU cores)
Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages asterisk depends on:
ii  adduser         3.110                    add and remove users and groups
ii  asterisk-config 1:1.4.21.2~dfsg-3+lenny3 Configuration files for Asterisk
ii  asterisk-sounds 1:1.4.21.2~dfsg-3+lenny3 Core Sound files for Asterisk (Eng
ii  libasound2      1.0.16-2                 ALSA library
ii  libc-client2007 7:2007b~dfsg-4+lenny3    c-client library for mail protocol
ii  libc6           2.7-18lenny7             GNU C Library: Shared libraries
ii  libcap2         2.11-2                   support for getting/setting POSIX.
ii  libcurl3        7.18.2-8lenny5           Multi-protocol file transfer libra
ii  libgcc1         1:4.3.2-1.1              GCC support library
ii  libgsm1         1.0.12-1                 Shared libraries for GSM speech co
ii  libiksemel3     1.2-4                    C library for the Jabber IM platfo
ii  libncurses5     5.7+20081213-1           shared libraries for terminal hand
ii  libnewt0.52     0.52.2-11.3+lenny1       Not Erik's Windowing Toolkit - tex
ii  libogg0         1.1.3-4                  Ogg Bitstream Library
ii  libpopt0        1.14-4                   lib for parsing cmdline parameters
ii  libpq5          8.3.14-0lenny1           PostgreSQL C client library
ii  libpri1.0       1.4.3-2                  Primary Rate ISDN specification li
ii  libradiusclient 0.5.5-1                  Enhanced RADIUS client library
ii  libsnmp15       5.4.1~dfsg-12            SNMP (Simple Network Management Pr
ii  libspeex1       1.2~rc1-1                The Speex codec runtime library
ii  libspeexdsp1    1.2~rc1-1                The Speex extended runtime library
ii  libsqlite0      2.8.17-4                 SQLite shared library
ii  libssl0.9.8     0.9.8g-15+lenny11        SSL shared libraries
ii  libstdc++6      4.3.2-1.1                The GNU Standard C++ Library v3
ii  libtonezone1    1:1.4.11~dfsg-3          tonezone library (runtime)
ii  libvorbis0a     1.2.0.dfsg-3.1+lenny1    The Vorbis General Audio Compressi
ii  libvorbisenc2   1.2.0.dfsg-3.1+lenny1    The Vorbis General Audio Compressi
ii  libvpb0         4.2.38.1-1               Voicetronix telephony hardware use
ii  unixodbc        2.2.11-16                ODBC tools libraries
ii  zlib1g          1:1.2.3.3.dfsg-12        compression library - runtime

asterisk recommends no packages.

Versions of packages asterisk suggests:
pn  asterisk-dev                  <none>     (no description available)
pn  asterisk-doc                  <none>     (no description available)
pn  asterisk-h323                 <none>     (no description available)
pn  ekiga                         <none>     (no description available)
pn  kphone                        <none>     (no description available)
pn  ohphone                       <none>     (no description available)
pn  twinkle                       <none>     (no description available)

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: asterisk
Source-Version: 1:1.4.21.2~dfsg-3+lenny5

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:

asterisk-config_1.4.21.2~dfsg-3+lenny5_all.deb
  to main/a/asterisk/asterisk-config_1.4.21.2~dfsg-3+lenny5_all.deb
asterisk-dbg_1.4.21.2~dfsg-3+lenny5_amd64.deb
  to main/a/asterisk/asterisk-dbg_1.4.21.2~dfsg-3+lenny5_amd64.deb
asterisk-dev_1.4.21.2~dfsg-3+lenny5_all.deb
  to main/a/asterisk/asterisk-dev_1.4.21.2~dfsg-3+lenny5_all.deb
asterisk-doc_1.4.21.2~dfsg-3+lenny5_all.deb
  to main/a/asterisk/asterisk-doc_1.4.21.2~dfsg-3+lenny5_all.deb
asterisk-h323_1.4.21.2~dfsg-3+lenny5_amd64.deb
  to main/a/asterisk/asterisk-h323_1.4.21.2~dfsg-3+lenny5_amd64.deb
asterisk-sounds-main_1.4.21.2~dfsg-3+lenny5_all.deb
  to main/a/asterisk/asterisk-sounds-main_1.4.21.2~dfsg-3+lenny5_all.deb
asterisk_1.4.21.2~dfsg-3+lenny5.diff.gz
  to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny5.diff.gz
asterisk_1.4.21.2~dfsg-3+lenny5.dsc
  to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny5.dsc
asterisk_1.4.21.2~dfsg-3+lenny5_amd64.deb
  to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny5_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tzafrir Cohen <[email protected]> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 10 Jul 2011 21:56:22 +0300
Source: asterisk
Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg 
asterisk-sounds-main asterisk-config
Architecture: source all amd64
Version: 1:1.4.21.2~dfsg-3+lenny5
Distribution: oldstable-security
Urgency: high
Maintainer: Debian VoIP Team <[email protected]>
Changed-By: Tzafrir Cohen <[email protected]>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-h323 - H.323 protocol support for Asterisk
 asterisk-sounds-main - Core Sound files for Asterisk (English)
Closes: 633481
Changes: 
 asterisk (1:1.4.21.2~dfsg-3+lenny5) oldstable-security; urgency=high
 .
   * Patch AST-2011-008: Use strlen rather than ast_str_len (Closes: #633481).
Checksums-Sha1: 
 8d34d61a1cfe6187488939f2247884248f29ada0 1979 
asterisk_1.4.21.2~dfsg-3+lenny5.dsc
 fc60982f4ca7ba1b0fcd30b9b45e7c9611a2a0b4 161374 
asterisk_1.4.21.2~dfsg-3+lenny5.diff.gz
 ac0a5d9a39a28e7576db6610ea66e571b97f8c2d 33083950 
asterisk-doc_1.4.21.2~dfsg-3+lenny5_all.deb
 ef8f3de91c1f6f5abb32ba5cbf473f4f6ae6cd67 429596 
asterisk-dev_1.4.21.2~dfsg-3+lenny5_all.deb
 45aa4a10e0e97c41eb63136d62156bae0a7c8b10 1900278 
asterisk-sounds-main_1.4.21.2~dfsg-3+lenny5_all.deb
 582f7b02f874b62f423f6bdfd3abd983977a6dbc 486004 
asterisk-config_1.4.21.2~dfsg-3+lenny5_all.deb
 a02a617263cd62894ea4295e52d4c49e20a75966 2624868 
asterisk_1.4.21.2~dfsg-3+lenny5_amd64.deb
 3043130dec7035873f31e222e525e0e396db03ee 399032 
asterisk-h323_1.4.21.2~dfsg-3+lenny5_amd64.deb
 77ba9b294c37f9d6cd5f56bd503048c691e83d0e 13153518 
asterisk-dbg_1.4.21.2~dfsg-3+lenny5_amd64.deb
Checksums-Sha256: 
 e71f163497012c31668f577590399b3ec25ba3a163d5ea25e56ec2a19ecb8565 1979 
asterisk_1.4.21.2~dfsg-3+lenny5.dsc
 ab91a44d5050ef514e7599a5d3f90709503aea84378cba8d4075b88f06358cf6 161374 
asterisk_1.4.21.2~dfsg-3+lenny5.diff.gz
 ad8c8f7d7d712c8443a3ab001fd8f716e55491286cfc6e76c21dc11c4cde236f 33083950 
asterisk-doc_1.4.21.2~dfsg-3+lenny5_all.deb
 959c955354266c50f2b0cc77d9c360aac112e517b24a12ffff8d11020285584c 429596 
asterisk-dev_1.4.21.2~dfsg-3+lenny5_all.deb
 8137f42e3ebed0a799173254c2338b379bff52a032d1ee3bdd267382149752c8 1900278 
asterisk-sounds-main_1.4.21.2~dfsg-3+lenny5_all.deb
 8e199fb6d339e180966436662bba20ac42e04aeab7b9889ad0d9ddff5f8a845e 486004 
asterisk-config_1.4.21.2~dfsg-3+lenny5_all.deb
 9a7568b872e68f8f6468156356ac605efad75ea8da4bb273bdf5d456b24c4e79 2624868 
asterisk_1.4.21.2~dfsg-3+lenny5_amd64.deb
 b36004a49f42632cb944711307d07c70fbb557329d86acd14f68af5810399734 399032 
asterisk-h323_1.4.21.2~dfsg-3+lenny5_amd64.deb
 55a865b97471b94acbe670ff306a145e7f8117217aec2d449a1a955e2f70ce79 13153518 
asterisk-dbg_1.4.21.2~dfsg-3+lenny5_amd64.deb
Files: 
 c937defa4a32436dc21d71de43786a8b 1979 comm optional 
asterisk_1.4.21.2~dfsg-3+lenny5.dsc
 a8aee882f738ea3c4e3916934d4d5286 161374 comm optional 
asterisk_1.4.21.2~dfsg-3+lenny5.diff.gz
 a7a263cceda50d53d86dd6575940c9f5 33083950 doc extra 
asterisk-doc_1.4.21.2~dfsg-3+lenny5_all.deb
 fe7742e5aa9d659b63584edc5651954c 429596 devel extra 
asterisk-dev_1.4.21.2~dfsg-3+lenny5_all.deb
 6527434f4e84485af527290d803203a8 1900278 comm optional 
asterisk-sounds-main_1.4.21.2~dfsg-3+lenny5_all.deb
 a3ef1e4a7f272a8932eaf77b31917057 486004 comm optional 
asterisk-config_1.4.21.2~dfsg-3+lenny5_all.deb
 59b2883ab849c57ee7c1dc13a6180426 2624868 comm optional 
asterisk_1.4.21.2~dfsg-3+lenny5_amd64.deb
 30b95bde62b4ec2efc262e26eb0eea68 399032 comm optional 
asterisk-h323_1.4.21.2~dfsg-3+lenny5_amd64.deb
 d06bfa1eb5f228e5d1177aca3e9ad63e 13153518 devel extra 
asterisk-dbg_1.4.21.2~dfsg-3+lenny5_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4aOI8ACgkQQWTRs4lLtHmZ6gCgqUGRxFs3SzKo4M24je/11lgm
BGIAnjZqu39XUnTdj+Qq3nPgV+juFL41
=um4s
-----END PGP SIGNATURE-----

--- End Message ---

Bug#633481: marked as done (asterisk: Security upgrade for Lenny missing ast_str_strlen symbol)

Reply via email to