[asterisk-users] AST-2008-006 - 3-way handshake in IAX2 incomplete

Matt Watson mwatson at becon.org
Wed Apr 23 00:06:41 CDT 2008


I can't imagine what headaches you'd have going from 1.4.11 to 1.4.19.1... that is a minor version upgrade... no real change in functionality.... that's basically 8 versions of bug fixes... if you just apply the IAX2 patch, you'll be fixing 1 out of probably hundreds of bugs. Going from 1.4.x to 1.6.x however... you'd run into some headaches probably... but if you are staying in the 1.4 series you shouldn't have any problems... worst case is if it's broke you just make install your 1.4.11 over top of 1.4.19.1 to revert back.

--
Matt
________________________________________
From: asterisk-users-bounces at lists.digium.com [asterisk-users-bounces at lists.digium.com] On Behalf Of Brian J. Murrell [brian at interlinx.bc.ca]
Sent: Tuesday, April 22, 2008 8:34 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] AST-2008-006 - 3-way handshake in IAX2 incomplete

On Tue, 2008-04-22 at 17:58 -0500, Security Officer wrote:
> Asterisk Project Security Advisory - AST-2008-006

So given that I'm new to Asterisk's svn and bug tracking tool, is it
sufficient then to apply the two patches (iax_dcallno_check-1.2.rev3.txt
and iax_dcallno_check.rev9.txt) listed in
http://bugs.digium.com/view.php?id=10078 to a 1.4.11ish release to
correct this vulnerability?  I really don't feel like buying into
any/all of the headaches that went into 1.4.11->1.4.20.  You know, "if
it ain't broke don't fix it", and my corollary, "if it is broke, only
fix what's broke, don't try to make it better".  :-)

Thanx,
b.



