CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2013/03/17 06:53:09
Modified files:
telephony/asterisk: Tag: OPENBSD_5_2 Makefile distinfo
telephony/asterisk/patches: Tag: OPENBSD_5_2 patch-contrib_scripts_safe_asterisk
telephony/asterisk/pkg: Tag: OPENBSD_5_2 PLIST-main
Log message:
SECURITY update for Asterisk in 5.2-stable to 1.8.20.1, includes fixes for the
following (which were fixed in -current by the update to 10.11.1 in January).

AST-2012-014: large stack allocations in TCP; affects remote unauthenticated
SIP *over TCP* and remote authenticated XMPP/HTTP connections.
This was initially suspected to just be a DoS; however, pirofti@ pointed me
at this write-up: http://blog.exodusintel.com/2013/01/07/who-was-phone/
(which sheds a bit of light on the increased scans on the default AMI port
that I've noticed recently.)

AST-2012-015: DoS through resource consumption by exploiting device
state caching; exploitable if anonymous calls are permitted.