Bug#624148: asterisk-config: System goes down due to unattended-upgrades

John Goerzen jgoerzen at complete.org
Tue May 3 14:52:11 UTC 2011


I would imagine that anyone that's following asterisk security will have 
already obtained the patched config file (possibly not installed it, but 
there it is..)  so the best bet would likely be to try not to change
it again in the next security update.

-- John

On 05/03/2011 09:37 AM, Tzafrir Cohen wrote:
> tag 624148  wontfix
> thanks
>
> On Mon, Apr 25, 2011 at 08:05:17PM -0500, John Goerzen wrote:
>> Package: asterisk-config
>> Version: 1:1.6.2.9-2+squeeze2
>> Severity: grave
>> Justification: renders package unusable
>>
>> I use unattended-upgrades to provide security updates.  This normally works fine,
>> and although I expect that an upgrade might take down Asterisk for a few minutes,
>> this took the system down and did not bring it back up.  I'm going to guess it was
>> related to this:
>
> Upstream added an important configuration option as part of a security
> fix (a gauge to control the limitations imposed by the new restrictions
> against DoS attacks). It was important for those to get into the
> reference documentation.
>
> Sadly the reference config files are also copied to /etc/asterisk. In
> retrospect I should have manually patched them at install time (that is:
> in the install target).
>
> However if I fix this now, we get the same issue with those who have
> already upgraded, which is why I tagged it as "wontfix". Any better
> suggestion?
>





