« back to all changes in this revision
Viewing changes to configs/manager.conf.sample
- Committer: Bazaar Package Importer
- Date: 2011-07-12 15:44:59 UTC
- Revision ID: james.westby@ubuntu.com-20110712154459-7mu5ot0yfv0l4o97
* SECURITY UPDATE: denial of service and possible code exection via
crafted UDPTL packet
- debian/patches/AST-2011-002-1.6.2.diff: properly calculate lengths in
main/udptl.c.
- CVE-2011-1147
* SECURITY UPDATE: denial of service via manager session with invalid
data
- debian/patches/AST-2011-003-1.6.2.diff: check for errors in
main/manager.c.
- CVE-2011-1174
* SECURITY UPDATE: denial of service via many short TLS sessions
- debian/patches/AST-2011-004-1.6.2.diff: gracefully handle failures
in main/tcptls.c.
- CVE-2011-1175
* SECURITY UPDATE: denial of service via a series of TCP connections
- debian/patches/AST-2011-005-1.6.2.diff: add timeouts and session
limits to main/manager.c, configs/manager.conf.sample,
channels/chan_sip.c, channels/chan_skinny.c, main/http.c,
configs/{skinny,sip,http}.conf.sample.
- CVE-2011-1507
* SECURITY UPDATE: remote command execution via incomplete system
privilege check
- debian/patches/AST-2011-006-1.6.2.diff: correctly check privileges in
main/manager.c.
- CVE-2011-1599
* SECURITY UPDATE: denial of service via crafted packet and SIP channel
driver
- debian/patches/AST-2011-008.diff: set proper length in
channels/chan_sip.c.
- CVE-2011-2529
* SECURITY UPDATE: denial of service and possible code execution via
IAX2 channel driver crafted frame
- debian/patches/AST-2011-010-1.6.2.diff: validate options in
channels/chan_iax2.c, main/features.c.
- CVE-2011-2535
* SECURITY UPDATE: account name enumeration
- debian/patches/AST-2011-011-1.6.2.diff: adjust responses in
channels/chan_sip.c.
- CVE-2011-2536
crafted UDPTL packet
- debian/patches/AST-2011-002-1.6.2.diff: properly calculate lengths in
main/udptl.c.
- CVE-2011-1147
* SECURITY UPDATE: denial of service via manager session with invalid
data
- debian/patches/AST-2011-003-1.6.2.diff: check for errors in
main/manager.c.
- CVE-2011-1174
* SECURITY UPDATE: denial of service via many short TLS sessions
- debian/patches/AST-2011-004-1.6.2.diff: gracefully handle failures
in main/tcptls.c.
- CVE-2011-1175
* SECURITY UPDATE: denial of service via a series of TCP connections
- debian/patches/AST-2011-005-1.6.2.diff: add timeouts and session
limits to main/manager.c, configs/manager.conf.sample,
channels/chan_sip.c, channels/chan_skinny.c, main/http.c,
configs/{skinny,sip,http}.conf.sample.
- CVE-2011-1507
* SECURITY UPDATE: remote command execution via incomplete system
privilege check
- debian/patches/AST-2011-006-1.6.2.diff: correctly check privileges in
main/manager.c.
- CVE-2011-1599
* SECURITY UPDATE: denial of service via crafted packet and SIP channel
driver
- debian/patches/AST-2011-008.diff: set proper length in
channels/chan_sip.c.
- CVE-2011-2529
* SECURITY UPDATE: denial of service and possible code execution via
IAX2 channel driver crafted frame
- debian/patches/AST-2011-010-1.6.2.diff: validate options in
channels/chan_iax2.c, main/features.c.
- CVE-2011-2535
* SECURITY UPDATE: account name enumeration
- debian/patches/AST-2011-011-1.6.2.diff: adjust responses in
channels/chan_sip.c.
- CVE-2011-2536
- files added:
- .pc/AST-2011-002-1.6.2.diff
- .pc/AST-2011-002-1.6.2.diff/main
- .pc/AST-2011-003-1.6.2.diff
- .pc/AST-2011-003-1.6.2.diff/main
- .pc/AST-2011-004-1.6.2.diff
- .pc/AST-2011-004-1.6.2.diff/main
- .pc/AST-2011-005-1.6.2.diff
- .pc/AST-2011-005-1.6.2.diff/channels
- .pc/AST-2011-005-1.6.2.diff/configs
- .pc/AST-2011-005-1.6.2.diff/main
- .pc/AST-2011-006-1.6.2.diff
- .pc/AST-2011-006-1.6.2.diff/main
- .pc/AST-2011-008.diff
- .pc/AST-2011-008.diff/channels
- .pc/AST-2011-010-1.6.2.diff
- .pc/AST-2011-010-1.6.2.diff/channels
- .pc/AST-2011-010-1.6.2.diff/main
- .pc/AST-2011-011-1.6.2.diff
- .pc/AST-2011-011-1.6.2.diff/channels
- files modified:
- .pc/applied-patches
added
removed
configs/manager.conf.sample
