http://downloads.asterisk.org/pub/security/AST-2014-001.pdf
http://downloads.asterisk.org/pub/security/AST-2014-002.pdf
http://downloads.asterisk.org/pub/security/AST-2014-003.pdf
http://downloads.asterisk.org/pub/security/AST-2014-004.pdf
+*asterisk-12.1.1 (11 Mar 2014) +*asterisk-11.8.1 (11 Mar 2014) +*asterisk-1.8.26.1 (11 Mar 2014) + + 11 Mar 2014; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.26.0.ebuild, + +asterisk-1.8.26.1.ebuild, -asterisk-11.7.0-r1.ebuild, + -asterisk-11.8.0.ebuild, +asterisk-11.8.1.ebuild, -asterisk-12.0.0.ebuild, + -asterisk-12.1.0.ebuild, +asterisk-12.1.1.ebuild: + New releases in all three branches to address a stack overflow in HTTP cookie + header processing, a file descriptor exhaustion through session timers in + chan_sip and two remote crashes in PJSIP (12 branch only). Removed all + vulnerable non-stable ebuilds. Upstream vulnerability reports AST-2014-001, + 002, 003 & 004.

Arches, please test and mark stable:
=net-misc/asterisk-1.8.26.1
=net-misc/asterisk-11.8.1

The following branch is masked and has no stable ebuilds:
=net-misc/asterisk-12.1.1

The following vulnerable ebuilds should be removed after security stabling:
=net-misc/asterisk-1.8.25.0
=net-misc/asterisk-11.7.0
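Review bot: the ChangeLog text cites the upstream reports only by AST number (AST-2014-001 through 004) while the rest of this bug tracks the issues by CVE; adding the CVE identifiers next to the AST numbers in the entry would let the GLSA and downstream scanners cross-reference it without opening the PDFs. The entry also attributes the two PJSIP crashes to the 12 branch only but does not say the cookie-header and session-timer fixes apply to all three branches; one clause making that explicit would spare readers inferring it from the list of ebuilds touched.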
amd64 stable
x86 stable. Maintainer(s), please clean up. Security, please add it to the existing request, or file a new one.
Clean-up by ago is complete, secure ebuilds on all three branches. Please proceed with GLSA decision process.
Thanks everyone. GLSA request filed.
CVE-2014-2289 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2289): res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.
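The CVE text above names a concrete trigger condition (a SUBSCRIBE with no Accept header) that is easy to look for in captured SIP traffic or SIP debug logs. The following is an added example for this thread, not Asterisk, PJSIP or Gentoo code: a small RFC 3261 request parser plus a check that flags SUBSCRIBE requests carrying no Accept header at all. The SIP messages embedded at the bottom are constructed for the example. It is a triage heuristic only: the crash described requires an authenticated peer whose subscription the server actually tries to service, so a hit means "inspect", not "exploited".

```python
"""Flag SIP SUBSCRIBE requests that carry no Accept header.

Added example for this bug thread, not Asterisk or Gentoo code. It
parses the request line and headers of a SIP request (RFC 3261
framing, including folded continuation lines) and reports requests
matching the CVE-2014-2289 trigger quoted above. Sample messages are
constructed, not captured from a real system.
"""
import re

REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) SIP/2\.0$")


def parse_sip_request(raw: str):
    """Return (method, request_uri, headers) for a SIP request.

    headers maps lower-cased header name -> list of values. Folded
    continuation lines (leading SP/HTAB) are joined onto the previous
    header. Raises ValueError for responses or malformed messages.
    """
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        raise ValueError("not a SIP request line: %r" % lines[0])
    method, uri = m.group(1), m.group(2)

    unfolded = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and unfolded:
            unfolded[-1] += " " + line.strip()   # RFC 3261 line folding
        else:
            unfolded.append(line)

    headers = {}
    for line in unfolded:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return method, uri, headers


def missing_accept_subscribe(raw: str) -> bool:
    """True if raw is a SUBSCRIBE request with no Accept header.

    Accept has no compact (single-letter) form in RFC 3261, so matching
    the long name is sufficient.
    """
    method, _uri, headers = parse_sip_request(raw)
    return method == "SUBSCRIBE" and "accept" not in headers


def scan(messages):
    """Return the indices of messages matching the CVE-2014-2289 pattern."""
    hits = []
    for i, msg in enumerate(messages):
        try:
            if missing_accept_subscribe(msg):
                hits.append(i)
        except ValueError:
            continue   # responses and garbage are not requests of interest
    return hits


# Constructed sample traffic (example data, not a real capture).
SAMPLES = [
    # 0: SUBSCRIBE with a folded Accept header -> Accept is present
    ("SUBSCRIBE sip:1000@pbx.example SIP/2.0\r\n"
     "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK1\r\n"
     "From: <sip:2000@pbx.example>;tag=a1\r\n"
     "To: <sip:1000@pbx.example>\r\n"
     "Call-ID: c1@192.0.2.10\r\n"
     "CSeq: 1 SUBSCRIBE\r\n"
     "Event: presence\r\n"
     "Accept: application/pidf+xml,\r\n"
     " application/xpidf+xml\r\n"
     "Content-Length: 0\r\n\r\n"),
    # 1: SUBSCRIBE with no Accept header at all -> the trigger condition
    ("SUBSCRIBE sip:1000@pbx.example SIP/2.0\r\n"
     "Via: SIP/2.0/UDP 192.0.2.11:5060;branch=z9hG4bK2\r\n"
     "From: <sip:2001@pbx.example>;tag=b2\r\n"
     "To: <sip:1000@pbx.example>\r\n"
     "Call-ID: c2@192.0.2.11\r\n"
     "CSeq: 1 SUBSCRIBE\r\n"
     "Event: presence\r\n"
     "Content-Length: 0\r\n\r\n"),
    # 2: INVITE without Accept -> not a SUBSCRIBE, ignored
    ("INVITE sip:1000@pbx.example SIP/2.0\r\n"
     "Via: SIP/2.0/UDP 192.0.2.12:5060;branch=z9hG4bK3\r\n"
     "From: <sip:2002@pbx.example>;tag=c3\r\n"
     "To: <sip:1000@pbx.example>\r\n"
     "Call-ID: c3@192.0.2.12\r\n"
     "CSeq: 1 INVITE\r\n"
     "Content-Length: 0\r\n\r\n"),
    # 3: a response, not a request -> skipped by scan()
    "SIP/2.0 200 OK\r\nCSeq: 1 SUBSCRIBE\r\nContent-Length: 0\r\n\r\n",
]

if __name__ == "__main__":
    print(scan(SAMPLES))   # [1]
```

Running the block prints `[1]`: only the second message is a SUBSCRIBE with no Accept header. The folded Accept in the first message is deliberately included because a naive line-by-line grep for `^Accept:` would still find it, but a parser that does not unfold continuation lines would mis-parse the `application/xpidf+xml` line as a malformed header.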
Lowering vulnerability score, as all of the specified vulnerabilities are classified as Denial of Service by upstream.
This issue was resolved and addressed in GLSA 201405-05 at http://security.gentoo.org/glsa/glsa-201405-05.xml by GLSA coordinator Sergey Popov (pinkbyte).