Bug#847666: asterisk: AST-2016-008: Crash on SDP offer or answer from endpoint using Opus
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Mon Dec 12 15:48:53 UTC 2016
On Sat, Dec 10, 2016 at 03:52:26PM +0100, Salvatore Bonaccorso wrote:
> Source: asterisk
> Version: 1:13.12.2~dfsg-1
> Severity: grave
> Tags: security upstream patch
> Forwarded: https://issues.asterisk.org/jira/browse/ASTERISK-26579
>
> Hi
>
> AST-2016-008 was announced at
>
> http://downloads.asterisk.org/pub/security/AST-2016-008.html
>
> referencing patches as well for the 13.x release series.
>
> https://issues.asterisk.org/jira/browse/ASTERISK-26579

The patch does not seem to apply to the Debian package due to
opus.patch. It seems however that the original issue likewise doesn't,
as the code from opus.patch uses a different parsing of the Opus SDP
headers.

Attached a sipp scenario that crashes an unpatched upstream asterisk
13.13.0:

  sipp 127.0.0.1:5060 -sf SDP.xml -m 1

If anyone wants to give a second look to opus.patch (and maybe also
amr.patch. vp8.patch looks more self-contained). The relevant upstream
code must have had some extra checks at this point.

Could someone else please double-check before closing this one?
(But yes, there's still AST-2016-009 in another open bug)

--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sipp-AST-2016-008.xml
Type: application/xml
Size: 966 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/attachments/20161212/590c8639/attachment.xml>