The Asterisk Development Team
2007-Aug-21 20:15 UTC
[asterisk-users] Asterisk 1.4.11 released
The Asterisk development team has released version 1.4.11. This version contains numerous bug fixes. One of these is for a security issue in chan_sip. The issue is that SIP dialog history was being stored in memory regardless if the option for this was turned on or off. This could be abused to cause a system using chan_sip to run out of memory. The security issue is documented in AST-2007-020. Affected systems include any that are using chan_sip. Also, only Asterisk 1.4 is affected. Asterisk 1.2 is not vulnerable to this issue. * http://downloads.digium.com/pub/asa/AST-2007-020.pdf The name prefix for our security advisories has been changed from ASA to AST. The ASA scheme was already in use by another company before we started using it. This release is available for download from http://downloads.digium.com/pub/telephony/asterisk/. Thank you for your support!
The Asterisk Development Team wrote:> The Asterisk development team has released version 1.4.11.> This release is available for download from > http://downloads.digium.com/pub/telephony/asterisk/.Not quite. :) Regards, Philipp Kempgen -- amooma GmbH - Bachstr. 126 - 56566 Neuwied - http://www.amooma.de Let's use IT to solve problems and not to create new ones. Asterisk? -> http://www.das-asterisk-buch.de My pick of the month: rfc 2822 3.6.5 Gesch?ftsf?hrer: Stefan Wintermeyer Handelsregister: Neuwied B 14998