Some buffer overflow issues were found in freeswitch: http://openwall.com/lists/oss-security/2013/07/04/4 An upstream bug report and possibly a patch to fix it are linked there.
Whiteboard: (none) => MGA3TOO
Freeswitch 1.2.12 pushed in testing
Thanks Daniel!

Advisory:
========================

Updated freeswitch packages fix security vulnerability:

In FreeSWITCH before 1.2.12, if the routing configuration includes regular expressions that don't constrain the length of the input, buffer overflows are possible. Since these regular expressions are matched against untrusted input, remote code execution may be possible (CVE-2013-2238).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2238
http://openwall.com/lists/oss-security/2013/07/01/11
http://jira.freeswitch.org/browse/FS-5566
========================

Updated packages in core/updates_testing:
========================
freeswitch-1.2.12-1.mga3 libfreeswitch1-1.2.12-1.mga3 libfreeswitch-devel-1.2.12-1.mga3 freeswitch-application-abstraction-1.2.12-1.mga3 freeswitch-application-avmd-1.2.12-1.mga3 freeswitch-application-blacklist-1.2.12-1.mga3 freeswitch-application-callcenter-1.2.12-1.mga3 freeswitch-application-cidlookup-1.2.12-1.mga3 freeswitch-application-conference-1.2.12-1.mga3 freeswitch-application-curl-1.2.12-1.mga3 freeswitch-application-db-1.2.12-1.mga3 freeswitch-application-directory-1.2.12-1.mga3 freeswitch-application-distributor-1.2.12-1.mga3 freeswitch-application-easyroute-1.2.12-1.mga3 freeswitch-application-enum-1.2.12-1.mga3 freeswitch-application-esf-1.2.12-1.mga3 freeswitch-application-expr-1.2.12-1.mga3 freeswitch-application-fifo-1.2.12-1.mga3 freeswitch-application-fsk-1.2.12-1.mga3 freeswitch-application-fsv-1.2.12-1.mga3 freeswitch-application-hash-1.2.12-1.mga3 freeswitch-application-httapi-1.2.12-1.mga3 freeswitch-application-http-cache-1.2.12-1.mga3 freeswitch-application-lcr-1.2.12-1.mga3 freeswitch-application-limit-1.2.12-1.mga3 freeswitch-application-memcache-1.2.12-1.mga3 freeswitch-application-nibblebill-1.2.12-1.mga3 freeswitch-application-redis-1.2.12-1.mga3 freeswitch-application-rss-1.2.12-1.mga3 freeswitch-application-ha_cluster-1.2.12-1.mga3 freeswitch-application-sms-1.2.12-1.mga3
freeswitch-application-snapshot-1.2.12-1.mga3 freeswitch-application-snom-1.2.12-1.mga3 freeswitch-application-soundtouch-1.2.12-1.mga3 freeswitch-application-spy-1.2.12-1.mga3 freeswitch-application-stress-1.2.12-1.mga3 freeswitch-application-valet_parking-1.2.12-1.mga3 freeswitch-application-voicemail-1.2.12-1.mga3 freeswitch-application-voicemail-ivr-1.2.12-1.mga3 freeswitch-asrtts-flite-1.2.12-1.mga3 freeswitch-asrtts-pocketsphinx-1.2.12-1.mga3 freeswitch-asrtts-tts-commandline-1.2.12-1.mga3 freeswitch-asrtts-unimrcp-1.2.12-1.mga3 freeswitch-codec-passthru-amr-1.2.12-1.mga3 freeswitch-codec-passthru-amrwb-1.2.12-1.mga3 freeswitch-codec-bv-1.2.12-1.mga3 freeswitch-codec-celt-1.2.12-1.mga3 freeswitch-codec-codec2-1.2.12-1.mga3 freeswitch-codec-passthru-g723_1-1.2.12-1.mga3 freeswitch-codec-passthru-g729-1.2.12-1.mga3 freeswitch-codec-h26x-1.2.12-1.mga3 freeswitch-codec-ilbc-1.2.12-1.mga3 freeswitch-codec-isac-1.2.12-1.mga3 freeswitch-codec-mp4v-1.2.12-1.mga3 freeswitch-codec-opus-1.2.12-1.mga3 freeswitch-codec-silk-1.2.12-1.mga3 freeswitch-codec-speex-1.2.12-1.mga3 freeswitch-codec-theora-1.2.12-1.mga3 freeswitch-directory-ldap-1.2.12-1.mga3 freeswitch-endpoint-dingaling-1.2.12-1.mga3 freeswitch-endpoint-portaudio-1.2.12-1.mga3 freeswitch-endpoint-rtmp-1.2.12-1.mga3 freeswitch-endpoint-skinny-1.2.12-1.mga3 freeswitch-freetdm-1.2.12-1.mga3 freeswitch-endpoint-skypopen-1.2.12-1.mga3 dkms-skypopen-1.2.12-1.mga3 freeswitch-event-cdr-mongodb-1.2.12-1.mga3 freeswitch-event-cdr-pg-csv-1.2.12-1.mga3 freeswitch-event-cdr-sqlite-1.2.12-1.mga3 freeswitch-event-erlang-event-1.2.12-1.mga3 freeswitch-event-multicast-1.2.12-1.mga3 freeswitch-event-json-cdr-1.2.12-1.mga3 freeswitch-event-snmp-1.2.12-1.mga3 freeswitch-format-local-stream-1.2.12-1.mga3 freeswitch-format-native-file-1.2.12-1.mga3 freeswitch-format-portaudio-stream-1.2.12-1.mga3 freeswitch-format-shell-stream-1.2.12-1.mga3 freeswitch-format-mod-shout-1.2.12-1.mga3 freeswitch-format-tone-stream-1.2.12-1.mga3 
freeswitch-lua-1.2.12-1.mga3 freeswitch-perl-1.2.12-1.mga3 freeswitch-python-1.2.12-1.mga3 freeswitch-lang-en-1.2.12-1.mga3 freeswitch-lang-es-1.2.12-1.mga3 freeswitch-lang-pt-1.2.12-1.mga3 freeswitch-lang-ru-1.2.12-1.mga3 freeswitch-lang-fr-1.2.12-1.mga3 freeswitch-lang-de-1.2.12-1.mga3 freeswitch-lang-he-1.2.12-1.mga3 freeswitch-timer-posix-1.2.12-1.mga3 freeswitch-xml-cdr-1.2.12-1.mga3 freeswitch-xml-curl-1.2.12-1.mga3 freeswitch-config-vanilla-1.2.12-1.mga3 freeswitch-sounds-en-1.2.12-1.mga3 freeswitch-sounds-moh-1.2.12-1.mga3 freeswitch-sounds-ru-1.2.12-1.mga3 freeswitch-sounds-es-1.2.12-1.mga3 freeswitch-sounds-fr-1.2.12-1.mga3 freeswitch-sounds-sv-1.2.12-1.mga3 nagios-check_freeswitch-1.2.12-1.mga3 from freeswitch-1.2.12-1.mga3.src.rpm
CC: (none) => luis.daniel.lucio
Version: Cauldron => 3
Assignee: luis.daniel.lucio => qa-bugs
Whiteboard: MGA3TOO => (none)
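As an added illustration (not part of this bug thread and not FreeSWITCH project code): the advisory above ties the overflow to routing regular expressions that do not constrain the length of the input, so a dialplan can be reviewed for such patterns in addition to installing 1.2.12. The sketch assumes the usual FreeSWITCH XML dialplan layout (extension elements containing condition elements with an expression attribute); the helper names are hypothetical and the sample dialplan is constructed.

```python
import re
import xml.etree.ElementTree as ET

def unbounded_quantifiers(expr):
    """Return [(offset, token)] for quantifiers in expr with no upper bound."""
    hits, i, in_class = [], 0, False
    while i < len(expr):
        c = expr[i]
        if c == "\\":                        # escaped character: skip the pair
            i += 2
            continue
        if in_class:                         # inside [...], * and + are literals
            in_class = c != "]"
        elif c == "[":
            in_class = True
            i += len(re.match(r"\^?\]?", expr[i + 1:]).group())  # '[^' and a leading ']' are literal
        elif c in "*+":
            hits.append((i, c))
            if expr[i + 1:i + 2] in ("?", "+"):   # lazy or possessive suffix
                i += 1
        elif c == "{":
            m = re.match(r"\{\d+,\}", expr[i:])   # {n,} means "n or more"
            if m:
                hits.append((i, m.group()))
                i += len(m.group()) - 1
        i += 1
    return hits

def audit_dialplan(xml_text):
    """List (extension, field, expression, hits) for conditions to review."""
    findings = []
    for ext in ET.fromstring(xml_text).iter("extension"):
        for cond in ext.iter("condition"):
            expr = cond.get("expression", "")
            hits = unbounded_quantifiers(expr)
            if hits:
                findings.append((ext.get("name"), cond.get("field"), expr, hits))
    return findings

# Constructed sample dialplan, not taken from any real deployment.
SAMPLE = r"""<context name="public">
  <extension name="open_did"><condition field="destination_number" expression="^(\d+)$"/></extension>
  <extension name="local_ext"><condition field="destination_number" expression="^(10[0-9]{2})$"/></extension>
  <extension name="bounded_did"><condition field="destination_number" expression="^\+?(\d{7,15})$"/></extension>
  <extension name="catch_all"><condition field="caller_id_name" expression="^(.*)$"/></extension>
</context>"""

if __name__ == "__main__":
    print(*audit_dialplan(SAMPLE), sep="\n")
```

The check is a heuristic over the pattern text: a flagged expression is a candidate for a bounded form such as \d{7,15}, not proof that a given build is exploitable.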
Some info for testing: http://wiki.freeswitch.org/wiki/Linux_Quick_Install_Guide#Test_a_SIP_Phone
Whiteboard: (none) => has_procedure
SIP client software includes ekiga, linphone, qutecom
Testing mga3 64 - freeswitch service fails to start. Not sure what the issue is.

# service freeswitch status
Redirecting to /bin/systemctl status freeswitch.service
freeswitch.service - The FREESwitch Server
          Loaded: loaded (/usr/lib/systemd/system/freeswitch.service; enabled)
          Active: failed (Result: exit-code) since Tue, 2013-08-20 16:16:55 BST; 4s ago
         Process: 1663 ExecStop=/usr/bin/freeswitch -stop (code=exited, status=0/SUCCESS)
         Process: 1653 ExecStart=/usr/bin/freeswitch -nc $FREESWITCH_PARAMS (code=exited, status=0/SUCCESS)
        Main PID: 1655 (code=exited, status=255)
          CGroup: name=systemd:/system/freeswitch.service

freeswitch[1653]: 1655 Backgrounding.
systemd[1]: Started The FREESwitch Server.
systemd[1]: freeswitch.service: main process exited, code=exited, status=255/n/a
freeswitch[1663]: Killing: 1655
systemd[1]: Unit freeswitch.service entered failed state

It leaves a pid file behind owned by root which seems wrong, given that the directory is owned by freeswitch:daemon

# ll /run/freeswitch/
total 4
-rw------- 1 root root 4 Aug 20 16:18 freeswitch.pid
# ll -d /run/freeswitch/
drwxr-x--- 2 freeswitch daemon 60 Aug 20 16:18 /run/freeswitch//

Starting manually gives an error but may be missing some options..

# freeswitch
2013-08-20 16:21:50.947592 [INFO] switch_event.c:596 Activate Eventing Engine.
2013-08-20 16:21:50.948042 [WARNING] switch_event.c:570 Create additional event dispatch thread 0
2013-08-20 16:21:50.948134 [ERR] switch_xml.c:1385 Couldnt open /etc/freeswitch/freeswitch.xml (No such file or directory)
Cannot Initialize [Cannot Open log directory or XML Root!]

# ll /etc/freeswitch/
total 24
-rwxr-x--- 1 freeswitch daemon 18814 Aug 17 19:26 autoload_configs*
-rw------- 1 root daemon 13 Aug 20 15:52 freeswitch.serial
The PID file is fine, just means the process that created it was running as root, but that won't cause any problems. It looks like it's missing a default configuration file (freeswitch.xml), and I was under the impression from the description of the security issue that there is supposed to be a default configuration file. Daniel, any advice?
Whiteboard: has_procedure => has_procedure feedback
There must be a missing conflict there somewhere as it does start after uninstalling all freeswitch packages and just installing a minimal set with 'urpmi freeswitch'

# urpmi freeswitch
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch
(medium "Core Release")
  gdbm                           1.10         3.mga3        x86_64
(medium "Core Updates Testing")
  freeswitch                     1.2.12       1.mga3        x86_64
  freeswitch-lang-en             1.2.12       1.mga3        x86_64  (suggested)
  lib64freeswitch1               1.2.12       1.mga3        x86_64
Still something wrong though..

systemd[1]: Started The FREESwitch Server.
systemd[1]: freeswitch.service: main process exited, code=exited, status=255/n/a

Confirmed it isn't running with ps and netstat
Again it's leaving the pid, so something not right. The pid prevents it from starting again, and stopping the failed service doesn't remove it. Once removed manually the service claims to be active again but is actually failing as above.
Also, when installed, it selects the correct language (freeswitch-lang-en) but doesn't install the relevant sounds package (freeswitch-sounds-en)
Daniel tells me that the default config file freeswitch.xml is in the freeswitch-config-vanilla subpackage. Possibly that package could be suggested (although it would make more sense to Suggests: freeswitch-config and have freeswitch-config-vanilla Provides: freeswitch-config so organizations could make their own package providing it), or just documented in a README.install.urpmi or something like that.
Submitted with the following changes:
- new Provides in config-vanilla in order to let 3rd party packages provide their own configuration
- new Suggests in the lang package to let the user install sounds
Thanks Daniel. freeswitch-1.2.12-2.mga3 is building now.
Whiteboard: has_procedure feedback => has_procedure
freeswitch-1.2.12-3.mga3 is built now, with another minor change to the config package.
It now installs 52 packages with 'urpmi freeswitch' including the correct lang and sounds but it still fails to start, sorry. An interesting new error message though which returns no results from google :\

systemd[1]: Starting The FREESwitch Server...
freeswitch[10670]: /usr/bin/freeswitch: symbol lookup error: /usr/bin/freeswitch: undefined symbol: SWITCH_GLOBAL_filenames
systemd[1]: Failed to start The FREESwitch Server.
systemd[1]: Unit freeswitch.service entered failed state
Please paste me the output from the command line, with no options.
# freeswitch
2013-08-29 21:02:54.895254 [INFO] switch_event.c:596 Activate Eventing Engine.
2013-08-29 21:02:54.905714 [WARNING] switch_event.c:570 Create additional event dispatch thread 0
2013-08-29 21:02:54.928594 [ERR] switch_xml.c:1385 Couldnt open /etc/freeswitch/freeswitch.xml (No such file or directory)
Cannot Initialize [Cannot Open log directory or XML Root!]
(In reply to claire robinson from comment #17)
> # freeswitch
> 2013-08-29 21:02:54.895254 [INFO] switch_event.c:596 Activate Eventing
> Engine.
> 2013-08-29 21:02:54.905714 [WARNING] switch_event.c:570 Create additional
> event dispatch thread 0
> 2013-08-29 21:02:54.928594 [ERR] switch_xml.c:1385 Couldnt open
> /etc/freeswitch/freeswitch.xml (No such file or directory)
> Cannot Initialize [Cannot Open log directory or XML Root!]

No symbol error now? Doesn't freeswitch.xml exist now that you have freeswitch-config-vanilla installed?
# ll /etc/freeswitch/
total 24
-rwxr-x--- 1 freeswitch daemon 18814 Aug 23 20:51 autoload_configs*
-rw------- 1 root daemon 13 Aug 20 15:52 freeswitch.serial

# rpm -q freeswitch-config-vanilla
freeswitch-config-vanilla-1.2.12-3.mga3
Ha, freeswitch.xml is missing, I'm pushing a new build.
Daniel, the change you just made will not fix this. You just made it so that it will own /etc/freeswitch (which is good), but it still will not have /etc/freeswitch/freeswitch.xml in the package, because of this:

#config(noreplace) %attr(0660, freeswitch, daemon) %{_sysconfdir}/*.xml

Notice that it's commented out. If freeswitch.xml really exists in the buildroot, the build should fail complaining about unpackaged files, so I'm guessing there's also something missing in the %install section to make it actually install freeswitch.xml to %{buildroot}/etc/freeswitch/ in the first place.
Try the latest build.
Thanks Daniel. This should be fixed in freeswitch-1.2.12-5.mga3.
Now it's freeswitch-1.2.12-6.mga3.
Did it work for you?
Nobody's tested it since the last build. They'll leave a note here once they do.
Advisory 10743.adv committed to svn.
CC: (none) => davidwhodgins
Is the something-1.0-1.mga2 supposed to be in 10743.adv?
(In reply to David Walser from comment #28)
> Is the something-1.0-1.mga2 supposed to be in 10743.adv?

Nope. Thanks for catching that. When the script is run to add an advisory, the template starts out as ...

type: security
subject: Updated [package] package fixes [something]
CVE:
 - first CVE
 - second CVE
src:
  2:
   core:
     - something-1.0-1.mga2
  3:
   core:
     - something-1.0-1.mga3
description: |
  Advisory text to describe the update.
  Wrap lines at ~75 chars.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=00000

The 00000 is replaced by the bug number. After adding the other parts, I forgot to delete the lines for the Mageia 2 source rpms. The advisory has been corrected.
The service can now be started after installing using "urpmi -ya freeswitch", but it cannot be restarted, as the pid file does not get deleted.
Sorry, I was wrong about the pid file not getting deleted. I'm getting inconsistent results ...

[root@x3v ~]# systemctl restart freeswitch.service
[root@x3v ~]# systemctl status freeswitch.service
freeswitch.service - The FREESwitch Server
          Loaded: loaded (/usr/lib/systemd/system/freeswitch.service; enabled)
          Active: failed (Result: exit-code) since Sun, 2013-09-15 18:59:42 EDT; 7s ago
         Process: 26180 ExecStop=/usr/bin/freeswitch -stop (code=exited, status=255)
         Process: 26173 ExecStart=/usr/bin/freeswitch -nc $FREESWITCH_PARAMS (code=exited, status=0/SUCCESS)
        Main PID: 22972 (code=exited, status=0/SUCCESS)
          CGroup: name=systemd:/system/freeswitch.service

Sep 15 18:59:38 x3v.hodgins.homeip.net systemd[1]: Starting The FREESwitch Server...
Sep 15 18:59:38 x3v.hodgins.homeip.net systemd[1]: Started The FREESwitch Server.
Sep 15 18:59:38 x3v.hodgins.homeip.net freeswitch[26173]: 26175 Backgrounding.
Sep 15 18:59:42 x3v.hodgins.homeip.net freeswitch[26180]: Cannot open pid file /run/freeswitch/freeswitch.pid.
Sep 15 18:59:42 x3v.hodgins.homeip.net systemd[1]: Unit freeswitch.service entered failed state

[root@x3v ~]# ll /run/freeswitch/freeswitch.pid
ls: cannot access /run/freeswitch/freeswitch.pid: No such file or directory
[root@x3v ~]# systemctl restart freeswitch.service
[root@x3v ~]# systemctl status freeswitch.service
freeswitch.service - The FREESwitch Server
          Loaded: loaded (/usr/lib/systemd/system/freeswitch.service; enabled)
          Active: active (running) since Sun, 2013-09-15 19:07:31 EDT; 3s ago
         Process: 26180 ExecStop=/usr/bin/freeswitch -stop (code=exited, status=255)
         Process: 26514 ExecStart=/usr/bin/freeswitch -nc $FREESWITCH_PARAMS (code=exited, status=0/SUCCESS)
        Main PID: 26516 (freeswitch)
          CGroup: name=systemd:/system/freeswitch.service
                  └ 26516 /usr/bin/freeswitch -nc

Sep 15 19:07:31 x3v.hodgins.homeip.net freeswitch[26514]: 26516 Backgrounding.
Sep 15 19:07:31 x3v.hodgins.homeip.net systemd[1]: Started The FREESwitch Server.
I can't recreate the problem with restarting, and as this is a security update involving the possibility of remote code execution, I'm going ahead and validating the update. Someone from the sysadmin team please push 10743.adv to updates.
Keywords: (none) => validated_update
Whiteboard: has_procedure feedback => has_procedure MGA3-64-OK MGA3-32-OK
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2013-0279.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/567504/