[asterisk-dev] Asterisk 1.2.9.1 and 1.0.11.1 Released -- Security
Fix
Asterisk Development Team
asteriskteam at digium.com
Tue Jun 6 09:43:34 MST 2006
The Asterisk Development Team today re-released Asterisk 1.2.9.1 and
Asterisk 1.0.11.1 to address a security vulnerability in the IAX2
channel driver (chan_iax2). The vulnerability affects all users with
IAX2 clients that might be compromised or used by a malicious user, and
can lead to denial of service attacks and random Asterisk server crashes
via a relatively trivial exploit. These re-releases correct a problem
introduced by the vulnerability fix involving transport of video frames
over IAX2.
All users are urged to upgrade as soon as they can practically do so, or
ensure that they don't expose IAX2 services to the public if it is not
necessary.
The release files are available in the usual place (ftp.digium.com), as
both tarballs and patch files relative to the last release. In addition,
both the tarballs and the patch files have been signed using GPG keys of
the release maintainers, so that you can ensure their authenticity.
Thank you for your support of Asterisk!
More information about the asterisk-dev
mailing list