Asterisk Security Release 20.15.2
Asterisk发布安全更新版本20.15.2,修复了因特定SIP请求中的Authorization头导致的崩溃问题。该版本通过检查是否存在匹配realm的auth头来避免空指针引用错误。 2025-9-8 21:55:26 Author: seclists.org(查看原文) 阅读量:5 收藏
Asterisk发布安全更新版本20.15.2,修复了因特定SIP请求中的Authorization头导致的崩溃问题。该版本通过检查是否存在匹配realm的auth头来避免空指针引用错误。 2025-9-8 21:55:26 Author: seclists.org(查看原文) 阅读量:5 收藏
Full Disclosure mailing list archives
From: Asterisk Development Team via Fulldisclosure <fulldisclosure () seclists org>
Date: Thu, 28 Aug 2025 15:05:16 +0000
The Asterisk Development Team would like to announce security release Asterisk 20.15.2. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/20.15.2 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 20.15.2 ## Change Log for Release asterisk-20.15.2 ### Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-20.15.2.html) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/20.15.1...20.15.2) - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-20.15.2.tar.gz) - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk) ### Summary: - Commits: 1 - Commit Authors: 1 - Issues Resolved: 0 - Security Advisories Resolved: 1 - [GHSA-64qc-9x89-rx5j](https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j): A specifically malformed Authorization header in an incoming SIP request can cause Asterisk to crash ### User Notes: ### Upgrade Notes: ### Developer Notes: ### Commit Authors: - George Joseph: (1) ## Issue and Commit Detail: ### Closed Issues: - !GHSA-64qc-9x89-rx5j: A specifically malformed Authorization header in an incoming SIP request can cause Asterisk to crash ### Commits By Author: - #### George Joseph (1): - res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL. ### Commit List: - res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL. ### Commit Details: #### res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL. Author: George Joseph Date: 2025-08-28 In the highly-unlikely event that get_authorization_hdr() couldn't find an Authorization header in a request, trying to get the digest algorithm would cauase a SEGV. We now check that we have an auth header that matches the realm before trying to get the algorithm from it. Resolves: #GHSA-64qc-9x89-rx5j _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- Asterisk Security Release 20.15.2 Asterisk Development Team via Fulldisclosure (Sep 08)
文章来源: https://seclists.org/fulldisclosure/2025/Sep/3
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh