AST-2020-001: Remote crash in res_pjsip_session
Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced.

AST-2020-002: Outbound INVITE loop on challenge with different nonce.
If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.
https://seclists.org/fulldisclosure/2020/Nov/2
https://seclists.org/fulldisclosure/2020/Nov/3
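Added example, not part of the bug report or of Asterisk's code: a trace-side check for the AST-2020-002 condition described above, flagging any Call-ID whose INVITE is challenged (401/407) with more than a set number of distinct nonces. The parser, the `max_nonces=2` threshold and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

NONCE_RE = re.compile(r'\bnonce="([^"]*)"', re.I)

def parse_response(raw):
    """Return (status, call_id, cseq_method, nonce) for a SIP response, else None."""
    lines = raw.strip().splitlines()
    m = re.match(r"SIP/2\.0 (\d{3})", lines[0]) if lines else None
    if not m:
        return None  # empty input or a request, not a response
    hdrs = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header section
        name, _, value = line.partition(":")
        hdrs[name.strip().lower()] = value.strip()  # long header names only
    auth = hdrs.get("www-authenticate") or hdrs.get("proxy-authenticate") or ""
    nonce = NONCE_RE.search(auth)
    cseq = hdrs.get("cseq", "").split()
    return (int(m.group(1)), hdrs.get("call-id"),
            cseq[-1] if cseq else None, nonce.group(1) if nonce else None)

def find_challenge_loops(messages, max_nonces=2):
    """Map Call-ID -> distinct nonce count where INVITE challenges exceed max_nonces.

    max_nonces=2 is an assumed threshold: one challenge plus one stale-nonce
    re-challenge is treated as normal, anything beyond that is reported.
    """
    seen = defaultdict(set)
    for raw in messages:
        parsed = parse_response(raw)
        if not parsed:
            continue
        status, call_id, method, nonce = parsed
        if status in (401, 407) and method == "INVITE" and call_id and nonce:
            seen[call_id].add(nonce)
    return {cid: len(n) for cid, n in seen.items() if len(n) > max_nonces}

def _challenge(call_id, cseq, nonce, status=401):
    # Builds a constructed challenge response; realm and values are made up.
    hdr = "WWW-Authenticate" if status == 401 else "Proxy-Authenticate"
    return (f"SIP/2.0 {status} Unauthorized\r\nCall-ID: {call_id}\r\n"
            f"CSeq: {cseq} INVITE\r\n{hdr}: Digest realm=\"example\", nonce=\"{nonce}\"\r\n\r\n")

# Constructed sample: one normal call, one call re-challenged with a new nonce each time.
SAMPLE = [_challenge("normal@pbx", 1, "aaa"),
          "SIP/2.0 200 OK\r\nCall-ID: normal@pbx\r\nCSeq: 2 INVITE\r\n\r\n"]
SAMPLE += [_challenge("loop@pbx", i, f"n{i}") for i in range(1, 7)]

if __name__ == "__main__":
    print(find_challenge_loops(SAMPLE))
```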
Ping. [ASTERISK-29057] - pjsip: Crash on call rejection during high load (Reported by Sandro Gauci) is fixed in 13.38.0, 16.5.0, 17.9.0, 18.1.0.
ping, CI is red on pr
(In reply to Sam James from comment #3)
> ping, CI is red on pr

Yea, sorry, due to previous GLSA that decided to include 11. I've now moved that to a private overlay to fix the problem, and also incorporated the lua changes else that's going to cause problems. dep on :0= vs :*.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d807d52318c0e9363034619a852e6d153b926e78

commit d807d52318c0e9363034619a852e6d153b926e78
Author: Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2020-11-24 08:50:07 +0000
Commit: Marek Szuba <marecki@gentoo.org>
CommitDate: 2020-12-23 21:31:08 +0000

net-misc/asterisk: 16.15.1 (sec bump)

Bug: https://bugs.gentoo.org/753269
Bug: https://bugs.gentoo.org/761313
Signed-off-by: Jaco Kroon <jaco@uls.co.za>
Signed-off-by: Marek Szuba <marecki@gentoo.org>

net-misc/asterisk/Manifest | 1 +
net-misc/asterisk/asterisk-16.15.1.ebuild | 304 ++++++++++++++++++++++++++++++
2 files changed, 305 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5c5f8698c11a73a5685fc3e11a3098bec854423

commit d5c5f8698c11a73a5685fc3e11a3098bec854423
Author: Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2020-11-24 08:30:30 +0000
Commit: Marek Szuba <marecki@gentoo.org>
CommitDate: 2020-12-23 21:31:05 +0000

net-misc/asterisk: version 13.38.1 (sec update)

Bug: https://bugs.gentoo.org/753269
Bug: https://bugs.gentoo.org/761313
Signed-off-by: Jaco Kroon <jaco@uls.co.za>
Signed-off-by: Marek Szuba <marecki@gentoo.org>

net-misc/asterisk/Manifest | 1 +
net-misc/asterisk/asterisk-13.38.1.ebuild | 299 ++++++++++++++++++++++++++++++
2 files changed, 300 insertions(+)
This issue was resolved and addressed in GLSA 202101-10 at https://security.gentoo.org/glsa/202101-10 by GLSA coordinator Aaron Bauman (b-man).