VoIP Mailing List Archives :: View topic - [asterisk-users] Asterisk 1.8.28-cert2, 1.8.31.1, 11.6-cert7, 11.13.1, 12.6.1, 13.0.0-beta3 Now Available (Security Rele

Sponsor: VoiceMeUp - Corporate & Wholesale VoIP Services

VoIP Mailing List Archives
Mailing list archives for the VoIP community

[asterisk-users] Asterisk 1.8.28-cert2, 1.8.31.1, 11.6-cert7, 11.13.1, 12.6.1, 13.0.0-beta3 Now Available (Security Rele

VoIP Mailing List Archives Forum Index -> Asterisk Users

View previous topic :: View next topic

Author

Message

asteriskteam at digium...
Guest

Posted: Mon Oct 20, 2014 11:40 am Post subject: [asterisk-users] Asterisk 1.8.28-cert2, 1.8.31.1, 11.6-cert7

The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available security releases are released as versions 1.8.28-cert2, 11.6-cert7, 1.8.31.1, 11.13.1, 12.6.1, and 13.0.0-beta3. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of these versions resolves the following security vulnerability: * AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability Asterisk is susceptible to the POODLE vulnerability in two ways: 1) The res_jabber and res_xmpp module both use SSLv3 exclusively for their encrypted connections. 2) The core TLS handling in Asterisk, which is used by the chan_sip channel driver, Asterisk Manager Interface (AMI), and Asterisk HTTP Server, by default allow a TLS connection to fallback to SSLv3. This allows for a MITM to potentially force a connection to fallback to SSLv3, exposing it to the POODLE vulnerability. These issues have been resolved in the versions released in conjunction with this security advisory. For more information about the details of this vulnerability, please read security advisory AST-2014-011, which was released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.28-cert2 http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert7 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.31.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.13.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.6.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.0.0-beta3 The security advisory is available at: * http://downloads.asterisk.org/pub/security/AST-2014-011.pdf Thank you for your continued support of Asterisk! -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users

Display posts from previous:

	VoIP Mailing List Archives Forum Index -> Asterisk Users	All times are GMT - 5 Hours
Page 1 of 1

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum