This is a regression in the asterisk DSA for lenny, so cc:ing team@security.
On Sun, Jul 10, 2011 at 11:58:57 -0500, Mike McCallister wrote:
> Package: asterisk
> Version: 1:1.4.21.2~dfsg-3+lenny3
> Severity: grave
> Justification: renders package unusable
>
>
> I installed the latest security patch for Asterisk on my Lenny system
> today. It starts successfully, but immediately exits. When I start it
> from the command line with the -v parameter, the last few lines of
> output are:
>
> app_mixmonitor.so => (Mixed Audio Monitoring Application)
> app_authenticate.so => (Authentication Application)
> func_groupcount.so => (Channel group dialplan functions)
> app_milliwatt.so => (Digital Milliwatt (mu-law) Test Application)
> app_image.so => (Image Transmission Application)
> app_adsiprog.so => (Asterisk ADSI Programming Application)
> Asterisk Ready.
> asterisk: symbol lookup error: /usr/lib/asterisk/modules/chan_sip.so:
> undefined symbol: ast_str_strlen
>
> To me, the last line of output suggests that the security fix to
> chan_sip uses a function named ast_str_strlen that isn't available in
> the Lenny version of asterisk.
>
> Upon rolling back to the 1.4.21.2~dfsg-3+lenny2.1 version, asterisk
> starts fine. No changes to the configs were made with either the install
> or the rollback.
>
> I marked this "grave" because my previously functioning installation
> became non-functioning. I suspect this will affect all users with SIP
> channels, which I believe is a large percentage of users.
>
>
> Mike McCallister
>
>
> -- System Information:
> Debian Release: 5.0.3
> APT prefers oldstable
> APT policy: (991, 'oldstable'), (500, 'oldstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/3 CPU cores)
> Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages asterisk depends on:
> ii adduser 3.110 add and remove users and groups
> ii asterisk-config 1:1.4.21.2~dfsg-3+lenny3 Configuration files for Asterisk
> ii asterisk-sounds 1:1.4.21.2~dfsg-3+lenny3 Core Sound files for Asterisk (Eng
> ii libasound2 1.0.16-2 ALSA library
> ii libc-client2007 7:2007b~dfsg-4+lenny3 c-client library for mail protocol
> ii libc6 2.7-18lenny7 GNU C Library: Shared libraries
> ii libcap2 2.11-2 support for getting/setting POSIX.
> ii libcurl3 7.18.2-8lenny5 Multi-protocol file transfer libra
> ii libgcc1 1:4.3.2-1.1 GCC support library
> ii libgsm1 1.0.12-1 Shared libraries for GSM speech co
> ii libiksemel3 1.2-4 C library for the Jabber IM platfo
> ii libncurses5 5.7+20081213-1 shared libraries for terminal hand
> ii libnewt0.52 0.52.2-11.3+lenny1 Not Erik's Windowing Toolkit - tex
> ii libogg0 1.1.3-4 Ogg Bitstream Library
> ii libpopt0 1.14-4 lib for parsing cmdline parameters
> ii libpq5 8.3.14-0lenny1 PostgreSQL C client library
> ii libpri1.0 1.4.3-2 Primary Rate ISDN specification li
> ii libradiusclient 0.5.5-1 Enhanced RADIUS client library
> ii libsnmp15 5.4.1~dfsg-12 SNMP (Simple Network Management Pr
> ii libspeex1 1.2~rc1-1 The Speex codec runtime library
> ii libspeexdsp1 1.2~rc1-1 The Speex extended runtime library
> ii libsqlite0 2.8.17-4 SQLite shared library
> ii libssl0.9.8 0.9.8g-15+lenny11 SSL shared libraries
> ii libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3
> ii libtonezone1 1:1.4.11~dfsg-3 tonezone library (runtime)
> ii libvorbis0a 1.2.0.dfsg-3.1+lenny1 The Vorbis General Audio Compressi
> ii libvorbisenc2 1.2.0.dfsg-3.1+lenny1 The Vorbis General Audio Compressi
> ii libvpb0 4.2.38.1-1 Voicetronix telephony hardware use
> ii unixodbc 2.2.11-16 ODBC tools libraries
> ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
>
> asterisk recommends no packages.
>
> Versions of packages asterisk suggests:
> pn asterisk-dev <none> (no description available)
> pn asterisk-doc <none> (no description available)
> pn asterisk-h323 <none> (no description available)
> pn ekiga <none> (no description available)
> pn kphone <none> (no description available)
> pn ohphone <none> (no description available)
> pn twinkle <none> (no description available)
>
> -- no debconf information
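
A backported fix that calls a function the older tree does not export, as reported above, can be caught before upload by comparing the module's undefined dynamic symbols with what the main binary and its libraries export. The following is an added example, not part of the original messages or of the Debian packaging; it parses `nm -D` output, and the function names and sample listings are constructed for illustration.

```python
import re

# One `nm -D` line: optional hex address, one-letter type, symbol name.
NM_LINE = re.compile(r"^\s*(?:[0-9A-Fa-f]+\s+)?([A-Za-z])\s+(\S+)\s*$")

def parse_nm(text):
    """Return (defined, undefined) symbol-name sets from `nm -D` output."""
    defined, undefined = set(), set()
    for line in text.splitlines():
        m = NM_LINE.match(line)
        if not m:
            continue
        kind, name = m.groups()
        name = name.split("@", 1)[0]   # drop version suffix such as @GLIBC_2.2.5
        if kind == "U":
            undefined.add(name)        # strong reference: must resolve at run time
        elif kind.isupper() or kind in "iu":
            defined.add(name)          # exported (i = indirect function, u = unique)
        # lowercase w/v are weak undefined references and may stay unresolved
    return defined, undefined

def unresolved(module_nm, provider_nms):
    """Strong undefined symbols of a module that none of the providers export."""
    needed = parse_nm(module_nm)[1]
    exported = set()
    for text in provider_nms:
        exported |= parse_nm(text)[0]
    return sorted(needed - exported)

# Constructed sample listings (assumed shape of `nm -D` output, not taken
# from the real lenny packages).
CHAN_SIP_NM = """\
                 U ast_log
                 U ast_str_strlen
                 U strlen@GLIBC_2.2.5
                 w __gmon_start__
0000000000031a40 T load_module
"""
ASTERISK_NM = """\
000000000045c1f0 T ast_log
000000000047e2b0 T ast_verbose
"""
LIBC_NM = """\
0000000000080e30 T strlen
"""

if __name__ == "__main__":
    missing = unresolved(CHAN_SIP_NM, [ASTERISK_NM, LIBC_NM])
    print("unresolved symbols:", ", ".join(missing) or "none")
    raise SystemExit(1 if missing else 0)
```

In a build, the listings would come from running `nm -D` on the built module, the `asterisk` binary and the libraries the module links against, with a non-empty result failing the build.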

