• [SECURITY] [DSA 5596-1] asterisk security update

    From Markus Koschany@21:1/5 to All on Thu Jan 4 22:40:01 2024
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5596-1 security@debian.org https://www.debian.org/security/ Markus Koschany January 04, 2024 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : asterisk
    CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786 Debian Bug : 1059303 1059032 1059033

    Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.


    The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
    the available buffer space for storing the new value of a header. By doing
    so this can overwrite memory or cause a crash. This is not externally
    exploitable, unless dialplan is explicitly written to update a header based
    on data from an outside source. If the 'update' functionality is not used
    the vulnerability does not occur.


    PJSIP is a free and open source multimedia communication library written in
    C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
    higher level media transport which is stacked upon a lower level media
    transport such as UDP and ICE. Currently a higher level transport is not
    synchronized with its lower level transport that may introduce a
    use-after-free issue. This vulnerability affects applications that have
    SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
    transport other than UDP. This vulnerability’s impact may range from
    unexpected application termination to control flow hijack/memory


    It is possible to read any arbitrary file even when the `live_dangerously`
    option is not enabled.


    Asterisk is susceptible to a DoS due to a race condition in the hello
    handshake phase of the DTLS protocol when handling DTLS-SRTP for media
    setup. This attack can be done continuously, thus denying new DTLS-SRTP
    encrypted calls during the attack. Abuse of this vulnerability may lead to
    a massive Denial of Service on vulnerable Asterisk servers for calls that
    rely on DTLS-SRTP.

    For the oldstable distribution (bullseye), these problems have been fixed
    in version 1:16.28.0~dfsg-0+deb11u4.

    We recommend that you upgrade your asterisk packages.

    For the detailed security status of asterisk please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/asterisk

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

    iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+ sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU +k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)