Bug#633481: asterisk: Security upgrade for Lenny missing ast_str_strlen symbol
Mike McCallister
mike at mccllstr.com
Sun Jul 10 16:58:57 UTC 2011
Package: asterisk
Version: 1:1.4.21.2~dfsg-3+lenny3
Severity: grave
Justification: renders package unusable
I installed the latest security patch for Asterisk on my Lenny system
today. It starts successfully, but immediately exits. When I start it
from the command line with the -v parameter, the last few lines of
output are:
app_mixmonitor.so => (Mixed Audio Monitoring Application)
app_authenticate.so => (Authentication Application)
func_groupcount.so => (Channel group dialplan functions)
app_milliwatt.so => (Digital Milliwatt (mu-law) Test Application)
app_image.so => (Image Transmission Application)
app_adsiprog.so => (Asterisk ADSI Programming Application)
Asterisk Ready.
asterisk: symbol lookup error: /usr/lib/asterisk/modules/chan_sip.so: undefined symbol: ast_str_strlen
To me, the last line of output suggests that the security fix to
chan_sip uses a function named ast_str_strlen that isn't available in
the Lenny version of asterisk.
Upong rolling back to the 1.4.21.2~dfsg-3+lenny2.1 version, asterisk
starts fine. No changes to the configs were made with either the install
or the rollback.
I marked this "grave" because my previously functioning installation
became non-fuctioning. I suspect this will affect all users with SIP
channels, which is I believe is a large percentage of users.
Mike McCallister
-- System Information:
Debian Release: 5.0.3
APT prefers oldstable
APT policy: (991, 'oldstable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/3 CPU cores)
Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages asterisk depends on:
ii adduser 3.110 add and remove users and groups
ii asterisk-config 1:1.4.21.2~dfsg-3+lenny3 Configuration files for Asterisk
ii asterisk-sounds 1:1.4.21.2~dfsg-3+lenny3 Core Sound files for Asterisk (Eng
ii libasound2 1.0.16-2 ALSA library
ii libc-client2007 7:2007b~dfsg-4+lenny3 c-client library for mail protocol
ii libc6 2.7-18lenny7 GNU C Library: Shared libraries
ii libcap2 2.11-2 support for getting/setting POSIX.
ii libcurl3 7.18.2-8lenny5 Multi-protocol file transfer libra
ii libgcc1 1:4.3.2-1.1 GCC support library
ii libgsm1 1.0.12-1 Shared libraries for GSM speech co
ii libiksemel3 1.2-4 C library for the Jabber IM platfo
ii libncurses5 5.7+20081213-1 shared libraries for terminal hand
ii libnewt0.52 0.52.2-11.3+lenny1 Not Erik's Windowing Toolkit - tex
ii libogg0 1.1.3-4 Ogg Bitstream Library
ii libpopt0 1.14-4 lib for parsing cmdline parameters
ii libpq5 8.3.14-0lenny1 PostgreSQL C client library
ii libpri1.0 1.4.3-2 Primary Rate ISDN specification li
ii libradiusclient 0.5.5-1 Enhanced RADIUS client library
ii libsnmp15 5.4.1~dfsg-12 SNMP (Simple Network Management Pr
ii libspeex1 1.2~rc1-1 The Speex codec runtime library
ii libspeexdsp1 1.2~rc1-1 The Speex extended runtime library
ii libsqlite0 2.8.17-4 SQLite shared library
ii libssl0.9.8 0.9.8g-15+lenny11 SSL shared libraries
ii libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3
ii libtonezone1 1:1.4.11~dfsg-3 tonezone library (runtime)
ii libvorbis0a 1.2.0.dfsg-3.1+lenny1 The Vorbis General Audio Compressi
ii libvorbisenc2 1.2.0.dfsg-3.1+lenny1 The Vorbis General Audio Compressi
ii libvpb0 4.2.38.1-1 Voicetronix telephony hardware use
ii unixodbc 2.2.11-16 ODBC tools libraries
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
asterisk recommends no packages.
Versions of packages asterisk suggests:
pn asterisk-dev <none> (no description available)
pn asterisk-doc <none> (no description available)
pn asterisk-h323 <none> (no description available)
pn ekiga <none> (no description available)
pn kphone <none> (no description available)
pn ohphone <none> (no description available)
pn twinkle <none> (no description available)
-- no debconf information
More information about the Pkg-voip-maintainers
mailing list