[asterisk-dev] [Fwd: Critical Updates: Asterisk 1.2.22 and 1.4.8 released]

[John Lange]

For anyone who might have missed it. Critical Asterisk update.

-------- Forwarded Message --------
> From: The Asterisk Development Team <asteriskteam at digium.com>
> Reply-To: Asterisk Developers Mailing List
> <asterisk-dev at lists.digium.com>
> To: undisclosed-recipients : ;
> Subject: [asterisk-dev] Critical Updates: Asterisk 1.2.22 and 1.4.8
> released
> Date: Tue, 17 Jul 2007 17:22:21 -0500
> 
> The Asterisk development team has released Asterisk versions 1.2.22 and
> 1.4.8.
> 
> These releases contain fixes for four critical security vulnerabilities.
>  One of these vulnerabilities is a remotely exploitable stack buffer
> overflow, which could allow an attacker to execute arbitrary code on the
> target machine.  The other three are all remotely exploitable crash
> vulnerabilities.
> 
> We have released Asterisk Security Advisories for each of the
> vulnerabilities.  The current version of each advisory can be downloaded
> from the ftp site.
> 
> http://ftp.digium.com/pub/asa/ASA-2007-014.pdf
>  * Affected systems include those that bridge calls between chan_iax2
> and any channel driver that uses RTP for media
> 
> http://ftp.digium.com/pub/asa/ASA-2007-015.pdf
>  * Affected systems include any system that has chan_iax2 enabled
> 
> http://ftp.digium.com/pub/asa/ASA-2007-016.pdf
>  * Affected systems include any system that has chan_skinny enabled
> 
> http://ftp.digium.com/pub/asa/ASA-2007-017.pdf
>  * Affected systems include any 1.4 system that has any channel driver
> that uses RTP for media enabled
> 
> All users that have systems that meet any of the criteria listed above
> should upgrade as soon as possible.
> 
> Thank you very much for your support.
> 
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
> 
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev