mirror of
https://git.busybox.net/buildroot.git
synced 2024-12-14 15:53:29 +08:00
829777c1c9
Fixes the following security issues: - CVE-2021-41105: FreeSWITCH susceptible to Denial of Service via invalid SRTP packets When handling SRTP calls, FreeSWITCH is susceptible to a DoS where calls can be terminated by remote attackers. This attack can be done continuously, thus denying encrypted calls during the attack. https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36 - CVE-2021-41157: FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj - CVE-2021-37624: FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing By default, SIP requests of the type MESSAGE (RFC 3428) are not authenticated in the affected versions of FreeSWITCH. MESSAGE requests are relayed to SIP user agents registered with the FreeSWITCH server without requiring any authentication. Although this behaviour can be changed by setting the auth-messages parameter to true, it is not the default setting. https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3 - CVE-2021-41145: FreeSWITCH susceptible to Denial of Service via SIP flooding When flooding FreeSWITCH with SIP messages, it was observed that after a number of seconds the process was killed by the operating system due to memory exhaustion https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m - CVE-2021-41158: FreeSWITCH vulnerable to SIP digest leak for configured gateways An attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway. https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4 Release notes: https://github.com/signalwire/freeswitch/releases/tag/v1.10.7 Removed patch, upstream applied a different fix: |
||
---|---|---|
.. | ||
0001-fix-build-SWITCH_BYTE_ORDER-__BIG_ENDIAN.patch | ||
0002-core-fix--disable-libyuv.patch | ||
Config.in | ||
freeswitch.hash | ||
freeswitch.mk |