svn commit: r554163 - head/security/vuxml

Guido Falsi madpilot at FreeBSD.org
Thu Nov 5 22:38:14 UTC 2020 

Author: madpilot
Date: Thu Nov  5 22:38:13 2020
New Revision: 554163
URL: https://svnweb.freebsd.org/changeset/ports/554163

Log:
  Document asterisk vulnerabilities.

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Thu Nov  5 21:59:10 2020	(r554162)
+++ head/security/vuxml/vuln.xml	Thu Nov  5 22:38:13 2020	(r554163)
@@ -58,6 +58,87 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="29b7f0be-1fb7-11eb-b9d4-001999f8d30b">
+    <topic>asterisk -- Outbound INVITE loop on challenge with different nonce</topic>
+    <affects>
+      <package>
+	<name>asterisk13</name>
+	<range><lt>13.37.1</lt></range>
+      </package>
+      <package>
+	<name>asterisk16</name>
+	<range><lt>16.14.1</lt></range>
+      </package>
+      <package>
+	<name>asterisk18</name>
+	<range><lt>18.0.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Asterisk project reports:</p>
+	<blockquote cite="https://www.asterisk.org/downloads/security-advisories">
+	  <p>If Asterisk is challenged on an outbound INVITE and
+	  the nonce is changed in each response, Asterisk will
+	  continually send INVITEs in a loop. This causes Asterisk
+	  to consume more and more memory since the transaction
+	  will never terminate (even if the call is hung up),
+	  ultimately leading to a restart or shutdown of Asterisk.
+	  Outbound authentication must be configured on the endpoint
+	  for this to occur.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://downloads.asterisk.org/pub/security/AST-2020-002.html</url>
+    </references>
+    <dates>
+      <discovery>2020-11-05</discovery>
+      <entry>2020-11-05</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="972fe546-1fb6-11eb-b9d4-001999f8d30b">
+    <topic>asterisk -- Remote crash in res_pjsip_session</topic>
+    <affects>
+      <package>
+	<name>asterisk13</name>
+	<range><lt>13.37.1</lt></range>
+      </package>
+      <package>
+	<name>asterisk16</name>
+	<range><lt>16.14.1</lt></range>
+      </package>
+      <package>
+	<name>asterisk18</name>
+	<range><lt>18.0.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Asterisk project reports:</p>
+	<blockquote cite="https://www.asterisk.org/downloads/security-advisories">
+	  <p> Upon receiving a new SIP Invite, Asterisk did not
+	  return the created dialog locked or referenced. This
+	  caused a gap between the creation of the dialog object,
+	  and its next use by the thread that created it. Depending
+	  upon some off nominal circumstances, and timing it was
+	  possible for another thread to free said dialog in this
+	  gap. Asterisk could then crash when the dialog object,
+	  or any of its dependent objects were de-referenced, or
+	  accessed next by the initial creation thread.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://downloads.asterisk.org/pub/security/AST-2020-001.html</url>
+    </references>
+    <dates>
+      <discovery>2020-11-05</discovery>
+      <entry>2020-11-05</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="3ec6ab59-1e0c-11eb-a428-3065ec8fd3ec">
     <topic>chromium -- multiple vulnerabilities</topic>
     <affects>

More information about the svn-ports-head mailing list