[asterisk-announce] Asterisk 1.4.17 Released

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The Asterisk.org development team has released Asterisk version 1.4.17.  This
release contains a fix for a SIP security issue, as well as a number of other
bug fixes.

The security issue is documented in the published security advisory,
AST-2008-001.  The vulnerability allows an attacker to cause a crash in the SIP
channel driver with a properly crafted transfer.  This issue requires an
authenticated session that allows transfers to be exploited.  If unauthenticated
calls with transfer capability are allowed, then this issue could be exploited
with an unauthenticated session.  Also, this issue only affects Asterisk 1.4.
Asterisk 1.2 is not affected.  Systems that do not use chan_sip are also not
affected.

The security advisory is available at
http://downloads.digium.com/pub/security/AST-2008-001.pdf.

The release is available for immediate download from
http://downloads.digium.com/pub/telephony/asterisk/.

Thank you for your support!



[Index of Archives]     [Asterisk App Development]     [PJ SIP]     [Asterisk SS7]     [Gnu Gatekeeper]     [IETF Sipping]     [Info Cyrus]     [ALSA User]     [Fedora Linux Users]     [Linux SCTP]     [DCCP]     [Gimp]     [Yosemite News]     [Deep Creek Hot Springs]     [Yosemite Campsites]     [ISDN Cause Codes]     [Asterisk Books]

  Powered by Linux