AST-2011-008: If a remote user sends a SIP packet containing a null, Asterisk assumes available data extends past the null to the end of the packet when the buffer is actually truncated when copied. This causes SIP header parsing to modify data past the end of the buffer altering unrelated memory structures. This vulnerability does not affect TCP/TLS connections. -- Resolved in 1.6.2.18.1 and 1.8.4.3 AST-2011-009: A remote user sending a SIP packet containing a Contact header with a missing left angle bracket (<) causes Asterisk to access a null pointer. -- Resolved in 1.8.4.3 AST-2011-010: A memory address was inadvertently transmitted over the network via IAX2 via an option control frame and the remote party would try to access it. -- Resolved in 1.4.41.1, 1.6.2.18.1, and 1.8.4.3 1.4 branch: Not in portage. 1.6.2 branch: Ebuilds in tree, need stable keywords. 1.8 branch: In portage, vulnerable ebuilds axed, no stable keywords. Arches, please test & stable 1.6.2.18.1. Suggested test procedure is to install the daemon with the default configs and to stop/start the daemon multiple times.
amd64 ok
+ 24 Jun 2011; Tony Vroon <chainsaw@gentoo.org> asterisk-1.6.2.18.1.ebuild: + Mark stable on AMD64 based on arch testing by Agostino "ago" Sarubbo; for + security bug #372793.
amd64: all ok
x86 stable
Thanks, everyone. Added to existing GLSA request.
+ 27 Jun 2011; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.6.2.17.3.ebuild: + Remove last vulnerable ebuild on 1.8 branch now that stabling has been + completed for security bug #372793.
This issue was resolved and addressed in GLSA 201110-21 at http://security.gentoo.org/glsa/glsa-201110-21.xml by GLSA coordinator Tim Sammut (underling).