Jonas Smedegaard pushed to branch upstream/latest at Debian VoIP Packaging Team / asterisk
Commits: eefd05bb by Jonas Smedegaard at 2025-01-12T20:14:15+01:00 New upstream version 22.1.1~dfsg+~cs6.14.60671435 - - - - - 4 changed files: - .version - CHANGES.md - + ChangeLogs/ChangeLog-22.1.1.md - main/manager.c Changes: ===================================== .version ===================================== @@ -1 +1 @@ -22.1.0 +22.1.1 ===================================== CHANGES.md ===================================== @@ -1 +1 @@ -ChangeLogs/ChangeLog-22.1.0.md \ No newline at end of file +ChangeLogs/ChangeLog-22.1.1.md \ No newline at end of file ===================================== ChangeLogs/ChangeLog-22.1.1.md ===================================== 
@@ -0,0 +1,65 @@ + +## Change Log for Release asterisk-22.1.1 + +### Links: + + - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-22.1.1.md) + - [GitHub Diff](https://github.com/asterisk/asterisk/compare/22.1.0...22.1.1) + - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-22.1.1.tar.gz) + - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk) + +### Summary: + +- Commits: 1 +- Commit Authors: 1 +- Issues Resolved: 0 +- Security Advisories Resolved: 1 + - [GHSA-33x6-fj46-6rfh](https://github.com/asterisk/asterisk/security/advisories/GHSA-33x6-fj46-6rfh): Path traversal via AMI ListCategories allows access to outside files + +### User Notes: + +- #### manager.c: Restrict ListCategories to the configuration directory. + The ListCategories AMI action now restricts files to the + configured configuration directory. + + +### Upgrade Notes: + + +### Commit Authors: + +- Ben Ford: (1) + +## Issue and Commit Detail: + +### Closed Issues: + + - !GHSA-33x6-fj46-6rfh: Path traversal via AMI ListCategories allows access to outside files + +### Commits By Author: + +- #### Ben Ford (1): + - manager.c: Restrict ListCategories to the configuration directory. + + +### Commit List: + +- manager.c: Restrict ListCategories to the configuration directory. + +### Commit Details: + +#### manager.c: Restrict ListCategories to the configuration directory. + Author: Ben Ford + Date: 2024-12-17 + + When using the ListCategories AMI action, it was possible to traverse + upwards through the directories to files outside of the configured + configuration directory. This action is now restricted to the configured + directory and an error will now be returned if the specified file is + outside of this limitation. + + Resolves: #GHSA-33x6-fj46-6rfh + + UserNote: The ListCategories AMI action now restricts files to the + configured configuration directory. 
+ ===================================== main/manager.c ===================================== @@ -2561,12 +2561,22 @@ static int action_listcategories(struct mansession *s, const struct message *m) struct ast_category *category = NULL; struct ast_flags config_flags = { CONFIG_FLAG_WITHCOMMENTS | CONFIG_FLAG_NOCACHE }; int catcount = 0; + int ret = 0; if (ast_strlen_zero(fn)) { astman_send_error(s, m, "Filename not specified"); return 0; } + ret = restrictedFile(fn); + if (ret == 1) { + astman_send_error(s, m, "File requires escalated priveledges"); + return 0; + } else if (ret == -1) { + astman_send_error(s, m, "Config file not found"); + return 0; + } + if (!(cfg = ast_config_load2(fn, "manager", config_flags))) { astman_send_error(s, m, "Config file not found"); return 0; View it on GitLab: https://salsa.debian.org/pkg-voip-team/asterisk/-/commit/eefd05bbec9f64b57d46abfbf8028b5ccf1ab424
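Review bot: in the main/manager.c hunk, the error string on the `ret == 1` branch misspells "privileges" (`astman_send_error(s, m, "File requires escalated priveledges");`); AMI clients and log parsers key on these strings, so correct it to "File requires escalated privileges" now rather than after it has been relied on. The traversal restriction itself is delegated entirely to restrictedFile(), which this hunk does not show; before approving, confirm that it resolves the supplied path (".." components and symlinks) against the configured configuration directory rather than only inspecting the string, since that is the property the advisory requires. The `ret == -1` branch deliberately reuses the "Config file not found" message of the ast_config_load2() failure below it, which avoids disclosing whether an out-of-tree path exists; a one-line comment stating that intent would keep a later cleanup from "fixing" the duplicate message.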
