VoIP Mailing List Archives :: View topic - [asterisk-users] Asterisk 1.8.15-cert4, 1.8.24.1, 10.12.4, 10.12.4-digiumphones, 11.2-cert3, 11.6.1 Now Available (Secur

Sponsor: VoiceMeUp - Corporate & Wholesale VoIP Services

VoIP Mailing List Archives
Mailing list archives for the VoIP community

[asterisk-users] Asterisk 1.8.15-cert4, 1.8.24.1, 10.12.4, 10.12.4-digiumphones, 11.2-cert3, 11.6.1 Now Available (Secur

VoIP Mailing List Archives Forum Index -> Asterisk Users

View previous topic :: View next topic

Author

Message

asteriskteam at digium...
Guest

Posted: Mon Dec 16, 2013 5:44 pm Post subject: [asterisk-users] Asterisk 1.8.15-cert4, 1.8.24.1, 10.12.4, 1

The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security releases are released as versions 1.8.15-cert4, 11.2-cert3, 1.8.24.1, 10.12.4, 10.12.4-digiumphones, and 11.6.1. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of these versions resolve the following issues: * A buffer overflow when receiving odd length 16 bit messages in app_sms. An infinite loop could occur which would overwrite memory when a message is received into the unpacksms16() function and the length of the message is an odd number of bytes. * Prevent permissions escalation in the Asterisk Manager Interface. Asterisk now marks certain individual dialplan functions as 'dangerous', which will inhibit their execution from external sources. A 'dangerous' function is one which results in a privilege escalation. For example, if one were to read the channel variable SHELL(rm -rf /) Bad Things(TM) could happen; even if the external source has only read permissions. Execution from external sources may be enabled by setting 'live_dangerously' to 'yes' in the [options] section of asterisk.conf. Although doing so is not recommended. These issues and their resolutions are described in the security advisories. For more information about the details of these vulnerabilities, please read security advisories AST-2013-006 and AST-2013-007, which were released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert4 http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.2-cert3 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.24.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.4 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.4-digiumphones http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.6.1 The security advisories are available at: * http://downloads.asterisk.org/pub/security/AST-2013-006.pdf * http://downloads.asterisk.org/pub/security/AST-2013-007.pdf Thank you for your continued support of Asterisk! -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users

Display posts from previous:

	VoIP Mailing List Archives Forum Index -> Asterisk Users	All times are GMT - 5 Hours
Page 1 of 1

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum