[Buildroot] [PATCH] package/asterisk: security bump to version 16.14.1
Peter Korsgaard
peter at korsgaard.com
Thu Nov 12 20:57:25 UTC 2020
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
> - AST-2020-001: Remote crash in res_pjsip_session
> Upon receiving a new SIP Invite, Asterisk did not return the created
> dialog locked or referenced.
> - AST-2020-002: Outbound INVITE loop on challenge with different nonce
> If Asterisk is challenged on an outbound INVITE and the nonce is changed
> in each response, Asterisk will continually send INVITEs in a loop. This
> causes Asterisk to consume more and more memory since the transaction will
> never terminate (even if the call is hung up), ultimately leading to a
> restart or shutdown of Asterisk. Outbound authentication must be
> configured on the endpoint for this to occur.
> For details, see the announcement:
> https://www.asterisk.org/asterisk-news/asterisk-13-37-1-16-14-1-17-8-1-18-0-1-and-16-8-cert5-now-available-security/
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list