[asterisk-announce] Asterisk 1.4.15 and 1.2.25 Released

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The Asterisk.org development team has released Asterisk versions 1.4.15 and
1.2.25.  These releases contain two fixes for security issues.

http://downloads.digium.com/pub/asa/AST-2007-025.pdf
 * This is a SQL injection vulnerability in the res_config_pgsql module.
Default installations of Asterisk are not affected.  However, any system using
the Postgres Realtime Engine may be remotely exploitable.  This issue only
affects Asterisk 1.4, as this module was not in Asterisk 1.2.

http://downloads.digium.com/pub/asa/AST-2007-026.pdf
 * This is another SQL injection vulnerability.  The input for the ANI and DNIS
fields were not properly escaped.  Default installations of Asterisk are not
vulnerable.  However, systems that use the Postgres CDR logging module may be
remotely exploitable.  This issue affects both Asterisk 1.2 and 1.4.

Both releases are available on http://downloads.digium.com.

Thank you very much for your support!



[Index of Archives]     [Asterisk App Development]     [PJ SIP]     [Asterisk SS7]     [Gnu Gatekeeper]     [IETF Sipping]     [Info Cyrus]     [ALSA User]     [Fedora Linux Users]     [Linux SCTP]     [DCCP]     [Gimp]     [Yosemite News]     [Deep Creek Hot Springs]     [Yosemite Campsites]     [ISDN Cause Codes]     [Asterisk Books]

  Powered by Linux