View previous topic :: View next topic |
Author |
Message |
asteriskteam at digium... Guest
|
Posted: Tue Mar 18, 2008 3:54 pm Post subject: [asterisk-users] (Critical Updates) Asterisk 1.2.27, 1.4.18. |
|
|
The Asterisk.org development team has released four new versions of Asterisk to
address critical security vulnerabilities.
AST-2008-002 details two buffer overflows that were discovered in RTP codec
payload type handling.
* http://downloads.digium.com/pub/security/AST-2008-002.pdf
* All users of SIP in Asterisk 1.4 and 1.6 are affected.
AST-2008-003 details a vulnerability which allows an attacker to bypass SIP
authentication and to make a call into the context specified in the general
section of sip.conf.
* http://downloads.digium.com/pub/security/AST-2008-003.pdf
* All users of SIP in Asterisk 1.0, 1.2, 1.4, or 1.6 are affected.
AST-2008-004 details some format string vulnerabilities that were found in the
code handling the Asterisk logger and the Asterisk manager interface.
* http://downloads.digium.com/pub/security/AST-2008-004.pdf
* All users of Asterisk 1.6 are affected.
Asterisk 1.2.27 and 1.4.18.1 are releases that only contain changes to fix these
security vulnerabilities.
In addition to fixes for these security issues, 1.4.19-rc3 and 1.6.0-beta6
contain a number of other bug fixes over the previous release candidates and
beta releases for the upcoming 1.4.19 and 1.6.0 releases.
We encourage all affected users of these security vulnerabilities to upgrade
their installations as time permits.
Thank you for your continued support of Asterisk! |
|
Back to top |
|
|
adriavidal at gmail.com Guest
|
Posted: Wed Mar 19, 2008 3:35 am Post subject: [asterisk-users] (Critical Updates) Asterisk 1.2.27, 1.4.18. |
|
|
Is asterisk-1.4-current.tar.gz(13-Mar-2008 15:06 11M) not the same
as asterisk-1.4.18.1.tar.gz (18-Mar-2008 12:24 11M ) ?
Should be? |
|
Back to top |
|
|
tzafrir.cohen at xorco... Guest
|
Posted: Wed Mar 19, 2008 4:19 am Post subject: [asterisk-users] (Critical Updates) Asterisk 1.2.27, 1.4.18. |
|
|
On Wed, Mar 19, 2008 at 09:35:45AM +0100, Adri? Vidal wrote:
Quote: | Is asterisk-1.4-current.tar.gz(13-Mar-2008 15:06 11M) not the same
as asterisk-1.4.18.1.tar.gz (18-Mar-2008 12:24 11M ) ?
Should be?
|
At the moment, it is.
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir |
|
Back to top |
|
|
|