Idefisk security fix - was [Asterisk-Users] Asterisk 1.2.9 and 1.0.11
Released -- Security Fix
Zoa
zoachien at securax.org
Tue Jun 6 11:26:20 MST 2006
We released a critical update for idefisk. (Version 1.37 now ships with
a patched iaxclient library).
Everybody is urged to update asap. (
http://www.asteriskguru.com/idefisk/free/ )
A big thanks to coresecurity and Steve Kann for the early warning.
Zoa.
The Asterisk Development Team wrote:
> The Asterisk Development Team today released Asterisk 1.2.9 and Asterisk
> 1.0.11 to address a security vulnerability in the IAX2 channel driver
> (chan_iax2). The vulnerability affects all users with IAX2 clients that
> might be compromised or used by a malicious user, and can lead to denial
> of service attacks and random Asterisk server crashes via a relatively
> trivial exploit.
>
> All users are urged to upgrade as soon as they can practically do so, or
> ensure that they don't expose IAX2 services to the public if it is not
> necessary.
>
> The release files are available in the usual place (ftp.digium.com), as
> both tarballs and patch files relative to the last release. In addition,
> both the tarballs and the patch files have been signed using GPG keys of
> the release maintainers, so that you can ensure their authenticity.
>
> Thank you for your support of Asterisk!
>
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
>
> Asterisk-Users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
More information about the asterisk-users
mailing list