-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 4 Jan 2024 19:05:44 CET Source: asterisk Architecture: source Version: 1:16.28.0~dfsg-0+deb11u4 Distribution: bullseye-security Urgency: high Maintainer: Debian VoIP Team Changed-By: Markus Koschany Checksums-Sha1: 0590e657d08f208eb8f9fccbe9a1c31294540614 4359 asterisk_16.28.0~dfsg-0+deb11u4.dsc 69439198e7a88afb49a83219fdd3479314aeda78 6870856 asterisk_16.28.0~dfsg-0+deb11u4.debian.tar.xz 5775e13f675a7400e2433634a8b764cc53c3ca9e 29266 asterisk_16.28.0~dfsg-0+deb11u4_amd64.buildinfo Checksums-Sha256: ff5337a9fda4c88d33fa2acc6fd453d361aa9afe34b1e5eefc5deeb81ec0a1e7 4359 asterisk_16.28.0~dfsg-0+deb11u4.dsc 90443c1e17423b4b4894de5e1c077c3e51d0b1890855be321235fe6f4f0b8d50 6870856 asterisk_16.28.0~dfsg-0+deb11u4.debian.tar.xz af7e6f0d77e3494549e6ff3529f79b0c4ca8766b836bb57bdb979d6a8deb7e23 29266 asterisk_16.28.0~dfsg-0+deb11u4_amd64.buildinfo Changes: asterisk (1:16.28.0~dfsg-0+deb11u4) bullseye-security; urgency=high . * Non-maintainer upload. * Fix CVE-2023-37457: The 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. * Fix CVE-2023-38703: PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce a use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. * Fix CVE-2023-49294: It is possible to read any arbitrary file even when the `live_dangerously` option is not enabled. * Fix CVE-2023-49786: Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Files: aaa15c1433f6437c1a2dbc9f0234c5d8 4359 comm optional asterisk_16.28.0~dfsg-0+deb11u4.dsc 52abf2e8af28575644bdc0c72539237f 6870856 comm optional asterisk_16.28.0~dfsg-0+deb11u4.debian.tar.xz df61447cb86af1d39448043cf64966bb 29266 comm optional asterisk_16.28.0~dfsg-0+deb11u4_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWW9rFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkOO8P/Rt0ON6gkhK6NAmmCYV1W2fWdtfB8C9yh2iU ukdwqoUBI4Gr9RqTpbZeoA4sP12JIpOcl7xeLELjDja+sHLf8S6T/5H0+sR+JQdm KF2z7sHSenhgTyjx6NFXnpCEL78p8pDogTZ3Gd7gp+BcLFhtJdMYszZOPYJVMwSm +z5UeBvE5I7tHerhlo6HfKHBfA+dhYDpU+Aqm+ETzsWtertRN823Z5e4AySVOkOi t/aCxCC4+sjkyCnmM/eMZoueR+VnSQ4mbPISYtCcG3uK4WOMelTA4ycCqMP0CwvJ 2epBrD6lL500g0M9Yu9RsYDgu+uSj+mTN8kpMVYYZhOCFGHYw7Uj43RPyJi9AR2q SaKj/+00fNsVT/usL3QNGeLaZspM7GSNM0UWZd8S38jM2cxSokLTQZoawjfcgXBJ zEVRg6tEdDBge42Zk26dp36aou1AZntaJFQwWuw175VhvJi4VxnNGnWOxBLRquey Q3kP6Z/Te8qqHl5UovgrnpwfW+RZ5a6/l/pk8BHSqZ9BA3y0dKlmFuR7n4WFmDMN 6eXZzPERqDzMKFglwW0Ybtl0Bxg8FltKYweBSP1qWcrPw+YJD9BmVUzYWdgDzvGI HfOfFkfyMybBYgohmInIk0FemxKFPKRkFNvC80k4HYgCBtJ0lpN6a11EuTk92Ir9 iDJfaWc6 =qZbr -----END PGP SIGNATURE-----