[asterisk-dev] Asterisk 13.13-cert3, 13.14.1, 14.3.1 Now Available (Security Release)
Gaston Draque
gaston.draque at gmail.com
Tue Apr 4 10:11:03 CDT 2017
These 13.13 links seem 404d
[x]
http://downloads.asterisk.org/pub/telephony/certified-asterisk/asterisk-certified-13.13-current.tar.gz
[x]
http://downloads.asterisk.org/pub/telephony/certified-asterisk/ChangeLog-certified-13.13-current
[x]
http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-13.13-cert3
Regards,
Gaston Draque//
On Tue, Apr 4, 2017 at 11:55 AM, Asterisk Development Team <
asteriskteam at digium.com> wrote:
> The Asterisk Development Team has announced security releases for
> Certified Asterisk 13.13 and Asterisk 13 and 14. The available security
> releases are released as versions 13.13-cert3, 13.14.1, and 14.3.1.
>
> These releases are available for immediate download at
>
> http://downloads.asterisk.org/pub/telephony/asterisk/releases
>
> The release of these versions resolves the following security
> vulnerabilities:
>
> * AST-2017-001: Buffer overflow in CDR's set user
> No size checking is done when setting the user field on a CDR. Thus,
> it is possible for someone to use an arbitrarily large string and write
> past
> the end of the user field storage buffer. This allows the possibility
> of remote
> code injection.
>
> For a full list of changes in the current releases, please see the
> ChangeLogs:
>
> http://downloads.asterisk.org/pub/telephony/certified-asteri
> sk/releases/ChangeLog-13.13-cert3
> http://downloads.asterisk.org/pub/telephony/asterisk/release
> s/ChangeLog-13.14.1
> http://downloads.asterisk.org/pub/telephony/asterisk/release
> s/ChangeLog-14.3.1
>
> The security advisories are available at:
>
> * http://downloads.asterisk.org/pub/security/AST-2017-001.pdf
>
> Thank you for your continued support of Asterisk!
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20170404/9fe39f7a/attachment.html>
More information about the asterisk-dev
mailing list