List Info

Thread: (Critical Updates) Asterisk 1.2.27, 1.4.18.1, 1.4.19-rc3, 1.6.0-beta6 Released
(Critical Updates) Asterisk 1.2.27, 1.4.18.1, 1.4.19-rc3, 1.6.0-beta6 Released
country flaguser name
United States		 2008-03-18 15:54:00 
The Asterisk.org development team has released four new
versions of Asterisk to
address critical security vulnerabilities.

AST-2008-002 details two buffer overflows that were
discovered in RTP codec
payload type handling.
 * http://downloads.digium.com/pub/security/AST-2008-002.p
df
 * All users of SIP in Asterisk 1.4 and 1.6 are affected.

AST-2008-003 details a vulnerability which allows an
attacker to bypass SIP
authentication and to make a call into the context specified
in the general
section of sip.conf.
 * http://downloads.digium.com/pub/security/AST-2008-003.p
df
 * All users of SIP in Asterisk 1.0, 1.2, 1.4, or 1.6 are
affected.

AST-2008-004 details some format string vulnerabilities that
were found in the
code handling the Asterisk logger and the Asterisk manager
interface.
 * http://downloads.digium.com/pub/security/AST-2008-004.p
df
 * All users of Asterisk 1.6 are affected.

Asterisk 1.2.27 and 1.4.18.1 are releases that only contain
changes to fix these
security vulnerabilities.

In addition to fixes for these security issues, 1.4.19-rc3
and 1.6.0-beta6
contain a number of other bug fixes over the previous
release candidates and
beta releases for the upcoming 1.4.19 and 1.6.0 releases.

We encourage all affected users of these security
vulnerabilities to upgrade
their installations as time permits.

Thank you for your continued support of Asterisk!

_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.c
om--

asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: (Critical Updates) Asterisk 1.2.27, 1.4.18.1, 1.4.19-rc3, 1.6.0-beta6 Released
country flaguser name
France		 2008-03-19 06:02:00 
On Tue, 18 Mar 2008 15:54:00 -0500, The Asterisk Development
Team
<asteriskteamdigium.com> wrote:

> The Asterisk.org development team has released four new
versions of
> Asterisk to address critical security vulnerabilities.

Are patches to previous versions made available or does one
have to
download a full new version?

-- 
Godwin Stewart - Horwich IT services

_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.c
om--

asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: (Critical Updates) Asterisk 1.2.27, 1.4.18.1, 1.4.19-rc3, 1.6.0-beta6 Released
country flaguser name
United States		 2008-03-19 08:35:32 
Horwich IT Services (Godwin Stewart) wrote:
> On Tue, 18 Mar 2008 15:54:00 -0500, The Asterisk
Development Team
> <asteriskteamdigium.com> wrote:
> 
>> The Asterisk.org development team has released four
new versions of
>> Asterisk to address critical security
vulnerabilities.
> 
> Are patches to previous versions made available or does
one have to
> download a full new version?
> 

We always distribute patch sets against the previous
releases.  They are 
available on downloads.digium.com along with the tarballs. 
Both the tarballs 
and patch sets are distributed with a sha1 sum and are
signed with gpg keys by a 
number of the Digium developers.

-- 
Russell Bryant
Senior Software Engineer
Open Source Team Lead
Digium, Inc.

_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.c
om--

asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-dev
[1-3]

about | contact  Other archives ( Real Estate discussion Medical topics )