[asterisk-dev] Critical Updates: Asterisk 1.2.22 and 1.4.8 released

The Asterisk Development Team asteriskteam at digium.com
Tue Jul 17 17:22:21 CDT 2007


The Asterisk development team has released Asterisk versions 1.2.22 and
1.4.8.

These releases contain fixes for four critical security vulnerabilities.
 One of these vulnerabilities is a remotely exploitable stack buffer
overflow, which could allow an attacker to execute arbitrary code on the
target machine.  The other three are all remotely exploitable crash
vulnerabilities.

We have released Asterisk Security Advisories for each of the
vulnerabilities.  The current version of each advisory can be downloaded
from the ftp site.

http://ftp.digium.com/pub/asa/ASA-2007-014.pdf
 * Affected systems include those that bridge calls between chan_iax2
and any channel driver that uses RTP for media

http://ftp.digium.com/pub/asa/ASA-2007-015.pdf
 * Affected systems include any system that has chan_iax2 enabled

http://ftp.digium.com/pub/asa/ASA-2007-016.pdf
 * Affected systems include any system that has chan_skinny enabled

http://ftp.digium.com/pub/asa/ASA-2007-017.pdf
 * Affected systems include any 1.4 system that has any channel driver
that uses RTP for media enabled

All users that have systems that meet any of the criteria listed above
should upgrade as soon as possible.

Thank you very much for your support.



More information about the asterisk-dev mailing list