ASTERISK - SECURITY UPDATE

2008-03-19
2013-05-23
  • Marcelo Araujo
    2008-03-19

    Gentlemen,

    A BUG has been found that affects all versions of Asterisk, including the Business Edition supplied by Digium. The problem can be exploited remotely and can compromise systems running any version of Asterisk.

    http://secunia.com/advisories/29426/
    http://downloads.digium.com/pub/security/AST-2008-003.html

    UPDATES that fix this problem have already been released; all DISC-OS users should run the following command:

    root# yum clean all
    root# yum update

    Asterisk will be updated from version 1.2.24 to version 1.2.27. To verify that the update completed safely, run the following command.

    root# rpm -qa | grep asterisk-1.2.27
    asterisk-1.2.27-1.unicall.DISC

    Regards.
    Marcelo Araujo
    araujo@disc-os.org

     
    • I ran the update and got some error messages. The log follows below...

      Last login: Tue Mar 11 17:41:27 2008 from 192.168.0.152
      [root@astra ~]# yum clean all
      yumCleaning up Everything
      0 headers removed
      0 packages removed
      9 metadata files removed
      0 cache files removed
      3 cache files removed
      [root@astra ~]# yum update
      Setting up Update Process
      Setting up repositories
      rpmforge                  100% |=========================| 1.1 kB    00:00
      base                      100% |=========================|  951 B    00:00
      update                    100% |=========================|  951 B    00:00
      Reading repository metadata in from local files
      primary.xml.gz            100% |=========================| 1.6 MB    01:58
      rpmforge  : ################################################## 6611/6611
      Added 6611 new packages, deleted 0 old in 34.27 seconds
      primary.xml.gz            100% |=========================|  187 B    00:00
      Added 0 new packages, deleted 0 old in 0.00 seconds
      primary.xml.gz            100% |=========================| 5.6 kB    00:00
      update    : ################################################## 13/13
      Added 13 new packages, deleted 0 old in 0.09 seconds
      Resolving Dependencies
      --> Populating transaction set with selected packages. Please wait.
      ---> Downloading header for libpri to pack into transaction set.
      libpri-1.2.4-1.el5.rf.i38 100% |=========================| 3.5 kB    00:00
      ---> Package libpri.i386 0:1.2.4-1.el5.rf set to be updated
      ---> Downloading header for speex to pack into transaction set.
      speex-1.0.5-1.el5.rf.i386 100% |=========================| 4.9 kB    00:00
      ---> Package speex.i386 0:1.0.5-1.el5.rf set to be updated
      ---> Downloading header for asterisk to pack into transaction set.
      asterisk-1.2.27-1.unicall 100% |=========================|  72 kB    00:01
      ---> Package asterisk.i386 0:1.2.27-1.unicall.DISC set to be updated
      ---> Downloading header for perl-rrdtool to pack into transaction set.
      perl-rrdtool-1.2.23-1.el5 100% |=========================| 4.3 kB    00:00
      ---> Package perl-rrdtool.i386 0:1.2.23-1.el5.rf set to be updated
      ---> Downloading header for perl-Net-Telnet to pack into transaction set.
      perl-Net-Telnet-3.03-1.2. 100% |=========================| 3.0 kB    00:00
      ---> Package perl-Net-Telnet.noarch 0:3.03-1.2.el5.rf set to be updated
      ---> Downloading header for rrdtool to pack into transaction set.
      rrdtool-1.2.23-1.el5.rf.i 100% |=========================|  21 kB    00:01
      ---> Package rrdtool.i386 0:1.2.23-1.el5.rf set to be updated
      ---> Downloading header for log4cpp to pack into transaction set.
      log4cpp-1.0-1.el5.rf.i386 100% |=========================| 109 kB    00:02
      ---> Package log4cpp.i386 0:1.0-1.el5.rf set to be updated
      ---> Downloading header for dnsmasq to pack into transaction set.
      dnsmasq-2.41-1.el5.rf.i38 100% |=========================|  11 kB    00:00
      ---> Package dnsmasq.i386 0:2.41-1.el5.rf set to be updated
      ---> Downloading header for perl-Filter to pack into transaction set.
      perl-Filter-1.34-1.el5.rf 100% |=========================|  13 kB    00:00
      ---> Package perl-Filter.i386 0:1.34-1.el5.rf set to be updated
      ---> Downloading header for swig to pack into transaction set.
      swig-1.3.25-1.el5.rf.i386 100% |=========================|  49 kB    00:02
      ---> Package swig.i386 0:1.3.25-1.el5.rf set to be updated
      --> Running transaction check
      --> Processing Dependency: rtld(GNU_HASH) for package: dnsmasq
      --> Processing Dependency: rtld(GNU_HASH) for package: perl-Filter
      --> Processing Dependency: libc.so.6(GLIBC_2.4) for package: libpri
      --> Processing Dependency: libpng12.so.0(PNG12_0) for package: rrdtool
      --> Processing Dependency: libc.so.6(GLIBC_2.4) for package: log4cpp
      --> Processing Dependency: libc.so.6(GLIBC_2.4) for package: swig
      --> Processing Dependency: rtld(GNU_HASH) for package: rrdtool
      --> Processing Dependency: perl(Compress::Zlib) for package: perl-Filter
      --> Processing Dependency: perl >= 4:5.8.8 for package: rrdtool
      --> Processing Dependency: rtld(GNU_HASH) for package: libpri
      --> Processing Dependency: libstdc++.so.6(CXXABI_1.3.1) for package: log4cpp
      --> Processing Dependency: libc.so.6(GLIBC_2.4) for package: dnsmasq
      --> Processing Dependency: rtld(GNU_HASH) for package: speex
      --> Processing Dependency: rtld(GNU_HASH) for package: perl-rrdtool
      --> Processing Dependency: rtld(GNU_HASH) for package: log4cpp
      --> Processing Dependency: rtld(GNU_HASH) for package: swig
      --> Processing Dependency: libc.so.6(GLIBC_2.4) for package: rrdtool
      --> Processing Dependency: perl(Time::HiRes) for package: rrdtool
      --> Processing Dependency: libc.so.6(GLIBC_2.4) for package: speex
      --> Restarting Dependency Resolution with new changes.
      --> Populating transaction set with selected packages. Please wait.
      ---> Downloading header for perl-Compress-Zlib to pack into transaction set.
      perl-Compress-Zlib-1.42-1 100% |=========================| 4.4 kB    00:00
      ---> Package perl-Compress-Zlib.i386 0:1.42-1.el5.rf set to be updated
      ---> Downloading header for perl-Time-HiRes to pack into transaction set.
      perl-Time-HiRes-1.9712-1. 100% |=========================| 4.5 kB    00:00
      ---> Package perl-Time-HiRes.i386 0:1.9712-1.el5.rf set to be updated
      --> Running transaction check
      --> Processing Dependency: rtld(GNU_HASH) for package: dnsmasq
      --> Processing Dependency: rtld(GNU_HASH) for package: perl-Filter
      --> Processing Dependency: libc.so.6(GLIBC_2.4) for package: libpri
      --> Processing Dependency: libpng12.so.0(PNG12_0) for package: rrdtool
      --> Processing Dependency: libc.so.6(GLIBC_2.4) for package: log4cpp
      --> Processing Dependency: libc.so.6(GLIBC_2.4) for package: swig
      --> Processing Dependency: rtld(GNU_HASH) for package: rrdtool
      --> Processing Dependency: rtld(GNU_HASH) for package: perl-Compress-Zlib
      --> Processing Dependency: perl >= 4:5.8.8 for package: rrdtool
      --> Processing Dependency: rtld(GNU_HASH) for package: libpri
      --> Processing Dependency: libstdc++.so.6(CXXABI_1.3.1) for package: log4cpp
      --> Processing Dependency: libc.so.6(GLIBC_2.4) for package: dnsmasq
      --> Processing Dependency: rtld(GNU_HASH) for package: speex
      --> Processing Dependency: libc.so.6(GLIBC_2.4) for package: perl-Compress-Zlib
      --> Processing Dependency: rtld(GNU_HASH) for package: perl-rrdtool
      --> Processing Dependency: rtld(GNU_HASH) for package: perl-Time-HiRes
      --> Processing Dependency: rtld(GNU_HASH) for package: log4cpp
      --> Processing Dependency: rtld(GNU_HASH) for package: swig
      --> Processing Dependency: libc.so.6(GLIBC_2.4) for package: rrdtool
      --> Processing Dependency: libc.so.6(GLIBC_2.4) for package: speex
      --> Finished Dependency Resolution
      Error: Missing Dependency: rtld(GNU_HASH) is needed by package dnsmasq
      Error: Missing Dependency: rtld(GNU_HASH) is needed by package perl-Filter
      Error: Missing Dependency: libc.so.6(GLIBC_2.4) is needed by package libpri
      Error: Missing Dependency: libpng12.so.0(PNG12_0) is needed by package rrdtool
      Error: Missing Dependency: libc.so.6(GLIBC_2.4) is needed by package log4cpp
      Error: Missing Dependency: libc.so.6(GLIBC_2.4) is needed by package swig
      Error: Missing Dependency: rtld(GNU_HASH) is needed by package rrdtool
      Error: Missing Dependency: perl >= 4:5.8.8 is needed by package rrdtool
      Error: Missing Dependency: rtld(GNU_HASH) is needed by package libpri
      Error: Missing Dependency: libstdc++.so.6(CXXABI_1.3.1) is needed by package log4cpp
      Error: Missing Dependency: libc.so.6(GLIBC_2.4) is needed by package dnsmasq
      Error: Missing Dependency: rtld(GNU_HASH) is needed by package speex
      Error: Missing Dependency: rtld(GNU_HASH) is needed by package perl-rrdtool
      Error: Missing Dependency: rtld(GNU_HASH) is needed by package log4cpp
      Error: Missing Dependency: rtld(GNU_HASH) is needed by package swig
      Error: Missing Dependency: libc.so.6(GLIBC_2.4) is needed by package rrdtool
      Error: Missing Dependency: libc.so.6(GLIBC_2.4) is needed by package speex
      Error: Missing Dependency: rtld(GNU_HASH) is needed by package perl-Compress-Zlib
      Error: Missing Dependency: libc.so.6(GLIBC_2.4) is needed by package perl-Compress-Zlib
      Error: Missing Dependency: rtld(GNU_HASH) is needed by package perl-Time-HiRes

      Wemerson C. Guimarães
      Rio Verde - GO

       
      • Marcelo Araujo
        2008-03-19

        Wemerson,

        You must have more than one repository configured on your server; the update should be done using only the official Disc-OS repository.

        Regards.
        Marcelo Araujo
        araujo@disc-os.org
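
Added example, not part of the original posts or of Disc-OS: yum aborts the whole transaction when any package has a missing dependency, so after a log like the one above Asterisk is still at the old version. The functions below list the packages that blocked the update and check an `rpm -qa` listing for the fixed 1.2.27 release named in the announcement. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. FIXED_VERSION comes from the announcement in this thread;
# everything else (function names, sample input) is constructed.
FIXED_VERSION="1.2.27"

# Constructed excerpt modelled on the yum log posted above.
SAMPLE_YUM='--> Finished Dependency Resolution
Error: Missing Dependency: rtld(GNU_HASH) is needed by package dnsmasq
Error: Missing Dependency: libc.so.6(GLIBC_2.4) is needed by package libpri
Error: Missing Dependency: rtld(GNU_HASH) is needed by package libpri'

# Succeeds if the yum output on stdin shows the transaction was aborted.
update_aborted() {
    grep -q 'Error: Missing Dependency:'
}

# Prints each package that has a missing dependency once, sorted.
blocked_packages() {
    sed -n 's/^ *Error: Missing Dependency: .* is needed by package \(.*\)$/\1/p' | sort -u
}

# version_ge A B: succeeds if dotted version A is greater than or equal to B.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Reads `rpm -qa` output on stdin; succeeds only if an asterisk 1.2.x
# package at FIXED_VERSION or later is installed. Other branches are
# rejected because the thread only names the 1.2 fix.
asterisk_fixed() {
    ver=$(sed -n 's/^asterisk-\([0-9][0-9.]*\)-.*/\1/p' | head -n 1)
    case "$ver" in
        1.2.*) version_ge "$ver" "$FIXED_VERSION" ;;
        *)     return 1 ;;
    esac
}
```

On a live system the inputs would be the captured `yum update` output and `rpm -qa`, for example `rpm -qa | asterisk_fixed && echo patched`.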

         
    • Yes, I do; I was running some tests.

      How do I remove the repositories and leave only the Disc ones?

       
    • Has anyone else tried it?

      I have 2 servers in production... is the update guaranteed?
      Right now I don't have one for testing... that worries me...