The Asterisk development team has released version 1.4.11. This version contains numerous bug fixes. One of these is for a security issue in chan_sip. The issue is that SIP dialog history was being stored in memory regardless if the option for this was turned on or off. This could be abused to cause a system using chan_sip to run out of memory. The security issue is documented in AST-2007-020. Affected systems include any that are using chan_sip. Also, only Asterisk 1.4 is affected. Asterisk 1.2 is not vulnerable to this issue. * http://downloads.digium.com/pub/asa/AST-2007-020.pdf The name prefix for our security advisories has been changed from ASA to AST. The ASA scheme was already in use by another company before we started using it. This release is available for download from http://downloads.digium.com/pub/telephony/asterisk/. Thank you for your support!
|