Bug#633481: asterisk: Security upgrade for Lenny missing ast_str_strlen symbol
Julien Cristau
jcristau at debian.org
Sun Jul 10 17:40:53 UTC 2011
This is a regression in the asterisk DSA for lenny, so cc:ing
team at security.
On Sun, Jul 10, 2011 at 11:58:57 -0500, Mike McCallister wrote:
> Package: asterisk
> Version: 1:1.4.21.2~dfsg-3+lenny3
> Severity: grave
> Justification: renders package unusable
>
>
> I installed the latest security patch for Asterisk on my Lenny system
> today. It starts successfully, but immediately exits. When I start it
> from the command line with the -v parameter, the last few lines of
> output are:
>
> app_mixmonitor.so => (Mixed Audio Monitoring Application)
> app_authenticate.so => (Authentication Application)
> func_groupcount.so => (Channel group dialplan functions)
> app_milliwatt.so => (Digital Milliwatt (mu-law) Test Application)
> app_image.so => (Image Transmission Application)
> app_adsiprog.so => (Asterisk ADSI Programming Application)
> Asterisk Ready.
> asterisk: symbol lookup error: /usr/lib/asterisk/modules/chan_sip.so: undefined symbol: ast_str_strlen
>
> To me, the last line of output suggests that the security fix to
> chan_sip uses a function named ast_str_strlen that isn't available in
> the Lenny version of asterisk.
>
> Upon rolling back to the 1.4.21.2~dfsg-3+lenny2.1 version, asterisk
> starts fine. No changes to the configs were made with either the install
> or the rollback.
>
> I marked this "grave" because my previously functioning installation
> became non-functioning. I suspect this will affect all users with SIP
> channels, which I believe is a large percentage of users.
>
>
> Mike McCallister
>
>
> -- System Information:
> Debian Release: 5.0.3
> APT prefers oldstable
> APT policy: (991, 'oldstable'), (500, 'oldstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/3 CPU cores)
> Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages asterisk depends on:
> ii adduser 3.110 add and remove users and groups
> ii asterisk-config 1:1.4.21.2~dfsg-3+lenny3 Configuration files for Asterisk
> ii asterisk-sounds 1:1.4.21.2~dfsg-3+lenny3 Core Sound files for Asterisk (Eng
> ii libasound2 1.0.16-2 ALSA library
> ii libc-client2007 7:2007b~dfsg-4+lenny3 c-client library for mail protocol
> ii libc6 2.7-18lenny7 GNU C Library: Shared libraries
> ii libcap2 2.11-2 support for getting/setting POSIX.
> ii libcurl3 7.18.2-8lenny5 Multi-protocol file transfer libra
> ii libgcc1 1:4.3.2-1.1 GCC support library
> ii libgsm1 1.0.12-1 Shared libraries for GSM speech co
> ii libiksemel3 1.2-4 C library for the Jabber IM platfo
> ii libncurses5 5.7+20081213-1 shared libraries for terminal hand
> ii libnewt0.52 0.52.2-11.3+lenny1 Not Erik's Windowing Toolkit - tex
> ii libogg0 1.1.3-4 Ogg Bitstream Library
> ii libpopt0 1.14-4 lib for parsing cmdline parameters
> ii libpq5 8.3.14-0lenny1 PostgreSQL C client library
> ii libpri1.0 1.4.3-2 Primary Rate ISDN specification li
> ii libradiusclient 0.5.5-1 Enhanced RADIUS client library
> ii libsnmp15 5.4.1~dfsg-12 SNMP (Simple Network Management Pr
> ii libspeex1 1.2~rc1-1 The Speex codec runtime library
> ii libspeexdsp1 1.2~rc1-1 The Speex extended runtime library
> ii libsqlite0 2.8.17-4 SQLite shared library
> ii libssl0.9.8 0.9.8g-15+lenny11 SSL shared libraries
> ii libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3
> ii libtonezone1 1:1.4.11~dfsg-3 tonezone library (runtime)
> ii libvorbis0a 1.2.0.dfsg-3.1+lenny1 The Vorbis General Audio Compressi
> ii libvorbisenc2 1.2.0.dfsg-3.1+lenny1 The Vorbis General Audio Compressi
> ii libvpb0 4.2.38.1-1 Voicetronix telephony hardware use
> ii unixodbc 2.2.11-16 ODBC tools libraries
> ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
>
> asterisk recommends no packages.
>
> Versions of packages asterisk suggests:
> pn asterisk-dev <none> (no description available)
> pn asterisk-doc <none> (no description available)
> pn asterisk-h323 <none> (no description available)
> pn ekiga <none> (no description available)
> pn kphone <none> (no description available)
> pn ohphone <none> (no description available)
> pn twinkle <none> (no description available)
>
> -- no debconf information
>
>
>
>
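The failure reported above, a rebuilt module referencing a symbol that the installed binary does not export, can be caught before an update is released by comparing `nm -D` listings of the module and of whatever is supposed to provide its symbols. The following is an added example and not part of the original thread or of the Debian packaging; the function names are hypothetical and the nm listings are constructed samples.

```python
import subprocess

# Constructed samples of `nm -D` output (not taken from the real packages).
SAMPLE_MODULE_NM = """\
                 w __gmon_start__
                 U ast_log
                 U ast_str_strlen
                 U strlen@GLIBC_2.2.5
0000000000031a40 T load_module
"""
SAMPLE_HOST_NM = """\
0000000000045120 T ast_log
0000000000045980 T ast_verbose
"""
SAMPLE_LIBC_NM = """\
000000000007f0a0 T strlen@@GLIBC_2.2.5
"""

def parse_nm(text):
    """Split `nm -D` output into (defined, undefined, weak_undefined) name sets."""
    defined, undefined, weak = set(), set(), set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or len(fields[-2]) != 1:
            continue  # blank line or "file:" header
        kind, name = fields[-2], fields[-1].split("@", 1)[0]  # drop version suffix
        if kind == "U":
            undefined.add(name)
        elif kind in ("w", "v") and len(fields) == 2:
            weak.add(name)  # weak references are allowed to stay unresolved
        else:
            defined.add(name)
    return defined, undefined, weak

def unresolved(module_nm, provider_nms):
    """Names the module requires that no provider (host binary, libraries) exports."""
    needed = parse_nm(module_nm)[1]
    exported = set()
    for text in provider_nms:
        exported |= parse_nm(text)[0]
    return sorted(needed - exported)

def nm_dynamic(path):
    """Run binutils nm on a real file, e.g. the module or the asterisk binary."""
    return subprocess.run(["nm", "-D", path], check=True,
                          capture_output=True, text=True).stdout

if __name__ == "__main__":
    print(unresolved(SAMPLE_MODULE_NM, [SAMPLE_HOST_NM, SAMPLE_LIBC_NM]))
```

On a real system, feed `nm_dynamic()` the module, the host binary and each library the module links against; any name left over is a candidate for the kind of symbol lookup error shown in the report.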