A denial of service flaw was found in the way Inter-Asterisk eXchange Version 2 (IAX2) channel driver of Asterisk, an open source telephony toolkit, processed established calls, being placed on hold state without a suggested music class. When the mohinterpret=passthrough setting was enabled, a particular call was established and that call was placed on hold state without corresponding music-on-hold class name, Asterisk would dereference invalid pointer for music-on-hold class name, leading to asterisk executable crash. References: [1] http://downloads.asterisk.org/pub/security/AST-2012-007.html [2] https://bugs.gentoo.org/show_bug.cgi?id=418189 Upstream patch (against the v1.8.x branch): [3] https://code.asterisk.org/code/rdiff/asterisk/branches/1.8/channels/chan_iax2.c?r1=366880&r2=367781&u&N Upstream ticket: [4] https://issues.asterisk.org/jira/browse/ASTERISK-19597 Important: Please note the patches listed in AST-2012-007 advisory [1]: http://downloads.asterisk.org/pub/security/AST-2012-006-1.8.diff http://downloads.asterisk.org/pub/security/AST-2012-006-1.8.diff http://downloads.asterisk.org/pub/security/AST-2012-006-1.8.diff being wrong (they are obviously result of advisory copy && paste issue, and are valid for previous AST-2012-006 case). Right patch is in [3] (for 1.8.x branch).
This issue affects the versions of the asterisk package, as shipped with Fedora release of 15 and 16. Please schedule an update. -- This issue affects the version of the asterisk package, as shipped with Fedora EPEL 6. Please schedule an update.
Created asterisk tracking bugs for this issue Affects: fedora-all [bug 826478] Affects: epel-6 [bug 826479]
Request to upstream to update AST-2012-007 patch links: [5] http://www.openwall.com/lists/oss-security/2012/05/30/3
asterisk-10.4.2-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
asterisk-1.8.12.2-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
asterisk-1.8.12.2-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
asterisk-1.8.12.2-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.