[asterisk-dev] Asterisk 13.13-cert3, 13.14.1, 14.3.1 Now Available (Security Release)
Asterisk Development Team
asteriskteam at digium.com
Tue Apr 4 09:55:22 CDT 2017
The Asterisk Development Team has announced security releases for
Certified Asterisk 13.13 and Asterisk 13 and 14. The available security
releases are released as versions 13.13-cert3, 13.14.1, and 14.3.1.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of these versions resolves the following security
vulnerabilities:
* AST-2017-001: Buffer overflow in CDR's set user
  No size checking is done when setting the user field on a CDR. Thus,
  it is possible for someone to use an arbitrarily large string and write
  past the end of the user field storage buffer. This allows the
  possibility of remote code injection.
For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-13.13-cert3
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.14.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-14.3.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2017-001.pdf
Thank you for your continued support of Asterisk!
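
The class of bug described in AST-2017-001, as an added illustration that is not part of the announcement and is not Asterisk's code: a setter that copies a caller-supplied string into a fixed-size field with no length check, beside a bounded form that truncates and reports it. The struct, the function names and the 256-byte field size are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names and size, not Asterisk's actual definitions. */
#define USERFIELD_MAX 256

struct cdr_record {
    char userfield[USERFIELD_MAX];
    int answered;               /* neighbouring state an overflow would clobber */
};

/* The flaw as described: the copy length is governed by the caller's
 * string, not by the destination, so a long value writes past userfield. */
void set_userfield_unchecked(struct cdr_record *cdr, const char *value)
{
    strcpy(cdr->userfield, value);
}

/* Bounded setter: copies at most USERFIELD_MAX - 1 bytes, always
 * NUL-terminates, and returns 1 if the value fit or 0 if it was
 * truncated, so the caller can log or reject oversized input. */
int set_userfield_checked(struct cdr_record *cdr, const char *value)
{
    const char *end = memchr(value, '\0', USERFIELD_MAX);
    size_t len = end ? (size_t)(end - value) : USERFIELD_MAX;
    int fits = len < USERFIELD_MAX;
    size_t n = fits ? len : USERFIELD_MAX - 1;

    memcpy(cdr->userfield, value, n);
    cdr->userfield[n] = '\0';
    return fits;
}

/* Constructed input: a value four times the field size. Returns 1 when
 * the bounded setter truncated it and left the adjacent member intact. */
int demo_oversized_value(void)
{
    char big[USERFIELD_MAX * 4];
    struct cdr_record cdr = { .answered = 1 };

    memset(big, 'A', sizeof(big) - 1);
    big[sizeof(big) - 1] = '\0';

    int fits = set_userfield_checked(&cdr, big);
    return !fits
        && strlen(cdr.userfield) == USERFIELD_MAX - 1
        && cdr.answered == 1;
}
```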