kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-02 11:06:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
b35fd266d1b314e024d8feeb6a2a0ef654bfc629
asterisk/ChangeLogs/ChangeLog-21.10.1.md
Asterisk Development Team b35fd266d1 Update for 21.10.1
2025-07-31 16:33:22 +00:00

3.0 KiB
Raw Blame History

Change Log for Release asterisk-21.10.1

Links:

Summary:

  • Commits: 2
  • Commit Authors: 2
  • Issues Resolved: 0
  • Security Advisories Resolved: 2
    • GHSA-mrq5-74j5-f5cr: Remote DoS and possible RCE in asterisk/res/res_stir_shaken/verification.c
    • GHSA-v9q8-9j8m-5xwp: Uncontrolled Search-Path Element in safe_asterisk script may allow local privilege escalation.

User Notes:

Upgrade Notes:

  • safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.

    The safe_asterisk script now checks that, if it was run by the root user, the /etc/asterisk/startup.d directory and all the files it contains are owned by root. If the checks fail, safe_asterisk will exit with an error and Asterisk will not be started. Additionally, the default logging destination is now stderr instead of tty "9" which probably won't exist in modern systems.

Developer Notes:

Commit Authors:

  • George Joseph: (1)
  • ThatTotallyRealMyth: (1)

Issue and Commit Detail:

Closed Issues:

  • !GHSA-mrq5-74j5-f5cr: Remote DoS and possible RCE in asterisk/res/res_stir_shaken/verification.c
  • !GHSA-v9q8-9j8m-5xwp: Uncontrolled Search-Path Element in safe_asterisk script may allow local privilege escalation.

Commits By Author:

  • George Joseph (1):

    • res_stir_shaken: Test for missing semicolon in Identity header.

  • ThatTotallyRealMyth (1):

    • safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.

Commit List:

  • safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.
  • res_stir_shaken: Test for missing semicolon in Identity header.

Commit Details:

safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.

Author: ThatTotallyRealMyth Date: 2025-06-10

UpgradeNote: The safe_asterisk script now checks that, if it was run by the root user, the /etc/asterisk/startup.d directory and all the files it contains are owned by root. If the checks fail, safe_asterisk will exit with an error and Asterisk will not be started. Additionally, the default logging destination is now stderr instead of tty "9" which probably won't exist in modern systems.

Resolves: #GHSA-v9q8-9j8m-5xwp

res_stir_shaken: Test for missing semicolon in Identity header.

Author: George Joseph Date: 2025-07-31

ast_stir_shaken_vs_verify() now makes sure there's a semicolon in the Identity header to prevent a possible segfault.

Resolves: #GHSA-mrq5-74j5-f5cr