asterisk: CVE-2019-13161: AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver

Related Vulnerabilities: CVE-2019-13161   CVE-2019-12827  

Debian Bug report logs - #931981


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 13 Jul 2019 08:57:06 UTC

Severity: important

Tags: security, upstream

Found in version asterisk/1:16.2.1~dfsg-1

Fixed in version asterisk/1:16.2.1~dfsg-2

Done: Bernhard Schmidt <berni@debian.org>

Forwarded to https://issues.asterisk.org/jira/browse/ASTERISK-28465



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>:
Bug#931981; Package asterisk. (Sat, 13 Jul 2019 08:57:09 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>. (Sat, 13 Jul 2019 08:57:09 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: asterisk: CVE-2019-13161: AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver
Date: Sat, 13 Jul 2019 10:55:33 +0200
Package: asterisk
Version: 1:16.2.1~dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://issues.asterisk.org/jira/browse/ASTERISK-28465

Hi,

The following vulnerability was published for asterisk.

CVE-2019-13161[0]:
| An issue was discovered in Asterisk Open Source through 13.27.0, 14.x
| and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified
| Asterisk through 13.21-cert3. A pointer dereference in chan_sip while
| handling SDP negotiation allows an attacker to crash Asterisk when
| handling an SDP answer to an outgoing T.38 re-invite. To exploit this
| vulnerability an attacker must cause the chan_sip module to send a
| T.38 re-invite request to them. Upon receipt, the attacker must send
| an SDP answer containing both a T.38 UDPTL stream and another media
| stream containing only a codec (which is not permitted according to
| the chan_sip configuration).


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-13161
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13161
[1] https://issues.asterisk.org/jira/browse/ASTERISK-28465
[2] https://downloads.asterisk.org/pub/security/AST-2019-003.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Reply sent to Bernhard Schmidt <berni@debian.org>:
You have taken responsibility. (Sat, 13 Jul 2019 22:21:08 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 13 Jul 2019 22:21:08 GMT)


Message #10 received at 931981-close@bugs.debian.org:

From: Bernhard Schmidt <berni@debian.org>
To: 931981-close@bugs.debian.org
Subject: Bug#931981: fixed in asterisk 1:16.2.1~dfsg-2
Date: Sat, 13 Jul 2019 22:19:41 +0000
Source: asterisk
Source-Version: 1:16.2.1~dfsg-2

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 931981@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bernhard Schmidt <berni@debian.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 13 Jul 2019 23:47:36 +0200
Source: asterisk
Architecture: source
Version: 1:16.2.1~dfsg-2
Distribution: unstable
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Closes: 931980 931981
Changes:
 asterisk (1:16.2.1~dfsg-2) unstable; urgency=high
 .
   * AST-2019-002 / CVE-2019-12827
     Buffer overflow in res_pjsip_messaging (Closes: #931980)
   * AST-2019-003 / CVE-2019-13161
     Remote Crash Vulnerability in chan_sip (Closes: #931981)




Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 14 11:21:11 2019; Machine Name: buxtehude
