VoIP Mailing List Archives :: View topic - [asterisk-users] Asterisk 11.6-cert9, 11.14.2, 12.7.2, 13.0.2 Now Available (Security Release)

Sponsor: VoiceMeUp - Corporate & Wholesale VoIP Services

VoIP Mailing List Archives
Mailing list archives for the VoIP community

[asterisk-users] Asterisk 11.6-cert9, 11.14.2, 12.7.2, 13.0.2 Now Available (Security Release)

VoIP Mailing List Archives Forum Index -> Asterisk Users

View previous topic :: View next topic

Author

Message

asteriskteam at digium...
Guest

Posted: Wed Dec 10, 2014 1:30 pm Post subject: [asterisk-users] Asterisk 11.6-cert9, 11.14.2, 12.7.2, 13.0.

The Asterisk Development Team has announced security releases for Certified Asterisk 11.6 and Asterisk 11, 12, and 13. The available security releases are released as versions 11.6-cert9, 11.14.2, 12.7.2, and 13.0.2. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of these versions resolves the following security vulnerability: * AST-2014-019: Remote Crash Vulnerability in WebSocket Server When handling a WebSocket frame the res_http_websocket module dynamically changes the size of the memory used to allow the provided payload to fit. If a payload length of zero was received the code would incorrectly attempt to resize to zero. This operation would succeed and end up freeing the memory but be treated as a failure. When the session was subsequently torn down this memory would get freed yet again causing a crash. For more information about the details of this vulnerability, please read security advisory AST-2014-019, which was released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert9 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.7.2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.0.2 The security advisory is available at: * http://downloads.asterisk.org/pub/security/AST-2014-019.pdf Thank you for your continued support of Asterisk! -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users

Display posts from previous:

	VoIP Mailing List Archives Forum Index -> Asterisk Users	All times are GMT - 5 Hours
Page 1 of 1

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum