Asterisk Security Release 21.10.2
Asterisk发布安全更新21.10.2,修复因特定畸形SIP请求导致的崩溃漏洞。修复检查是否存在授权头以避免空指针。 2025-9-8 21:55:24 Author: seclists.org(查看原文) 阅读量:6 收藏
fulldisclosure logo

Full Disclosure mailing list archives

From: Asterisk Development Team via Fulldisclosure <fulldisclosure () seclists org>
Date: Thu, 28 Aug 2025 15:04:39 +0000
The Asterisk Development Team would like to announce security release  
Asterisk 21.10.2.

The release artifacts are available for immediate download at  
https://github.com/asterisk/asterisk/releases/tag/21.10.2
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 21.10.2


## Change Log for Release asterisk-21.10.2

### Links:

 - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.10.2.html)  
 - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.10.1...21.10.2)  
 - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-21.10.2.tar.gz)  
 - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)  

### Summary:

- Commits: 1
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 1
  - [GHSA-64qc-9x89-rx5j](https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j): A specifically 
malformed Authorization header in an incoming SIP request can cause Asterisk to crash

### User Notes:


### Upgrade Notes:


### Developer Notes:


### Commit Authors:

- George Joseph: (1)

## Issue and Commit Detail:

### Closed Issues:

  - !GHSA-64qc-9x89-rx5j: A specifically malformed Authorization header in an incoming SIP request can cause Asterisk 
to crash

### Commits By Author:

- #### George Joseph (1):
  - res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL.


### Commit List:

-  res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL.

### Commit Details:

#### res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL.
  Author: George Joseph
  Date:   2025-08-28

  In the highly-unlikely event that get_authorization_hdr() couldn't find an
  Authorization header in a request, trying to get the digest algorithm
  would cauase a SEGV.  We now check that we have an auth header that matches
  the realm before trying to get the algorithm from it.

  Resolves: #GHSA-64qc-9x89-rx5j

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Current thread:

  • Asterisk Security Release 21.10.2 Asterisk Development Team via Fulldisclosure (Sep 08)

文章来源: https://seclists.org/fulldisclosure/2025/Sep/2
如有侵权请联系:admin#unsafe.sh