[asterisk-announce] Critical Updates: Asterisk 1.2.22 and 1.4.8 released
The Asterisk Development Team
asteriskteam at digium.com
Tue Jul 17 17:22:21 CDT 2007
The Asterisk development team has released Asterisk versions 1.2.22 and
1.4.8.
These releases contain fixes for four critical security vulnerabilities.
One of these vulnerabilities is a remotely exploitable stack buffer
overflow, which could allow an attacker to execute arbitrary code on the
target machine. The other three are all remotely exploitable crash
vulnerabilities.
We have released Asterisk Security Advisories for each of the
vulnerabilities. The current version of each advisory can be downloaded
from the ftp site.
http://ftp.digium.com/pub/asa/ASA-2007-014.pdf
* Affected systems include those that bridge calls between chan_iax2
  and any channel driver that uses RTP for media

http://ftp.digium.com/pub/asa/ASA-2007-015.pdf
* Affected systems include any system that has chan_iax2 enabled

http://ftp.digium.com/pub/asa/ASA-2007-016.pdf
* Affected systems include any system that has chan_skinny enabled

http://ftp.digium.com/pub/asa/ASA-2007-017.pdf
* Affected systems include any 1.4 system that has any channel driver
  that uses RTP for media enabled

All users that have systems that meet any of the criteria listed above
should upgrade as soon as possible.
Thank you very much for your support.