tilghman at mail.jeffa... Guest
Posted: Wed Apr 23, 2008 8:52 am Post subject: [asterisk-users] AST-2008-006 - 3-way handshake in IAX2 inco

On Tuesday 22 April 2008 19:34, Brian J. Murrell wrote:
> On Tue, 2008-04-22 at 17:58 -0500, Security Officer wrote:
> > Asterisk Project Security Advisory - AST-2008-006
>
> So given that I'm new to asterisk's svn and bug tracking tool, is it
> sufficient then to apply the two patches (iax_dcallno_check-1.2.rev3.txt
> and iax_dcallno_check.rev9.txt) listed in
> http://bugs.digium.com/view.php?id=10078 to a 1.4.11ish release to
> correct this vulnerability? I really don't feel like buying into
> any/all of the headaches that went into 1.4.11->1.4.20. You know, "if
> it ain't broke don't fix it", and my corollary, "if it is broke, only
> fix what's broke, don't try to make it better".

Please understand that that's NOT the only security fix that has gone in
during that time. If this is the only thing that you fix, you're likely to be
vulnerable on several other levels. See our full list of security disclosures
at http://downloads.digium.com/pub/security/
--
Tilghman