The Asterisk Development Team
2006-Jun-05 17:22 UTC
[Asterisk-Users] Asterisk 1.2.9 and 1.0.11 Released -- Security Fix
The Asterisk Development Team today released Asterisk 1.2.9 and Asterisk 1.0.11 to address a security vulnerability in the IAX2 channel driver (chan_iax2). The vulnerability affects all users with IAX2 clients that might be compromised or used by a malicious user, and can lead to denial of service attacks and random Asterisk server crashes via a relatively trivial exploit.

All users are urged to upgrade as soon as they can practically do so, or ensure that they don't expose IAX2 services to the public if it is not necessary.

The release files are available in the usual place (ftp.digium.com), as both tarballs and patch files relative to the last release. In addition, both the tarballs and the patch files have been signed using GPG keys of the release maintainers, so that you can ensure their authenticity.

Thank you for your support of Asterisk!
Zoa
2006-Jun-06 11:26 UTC
Idefisk security fix - was [Asterisk-Users] Asterisk 1.2.9 and 1.0.11 Released -- Security Fix
We released a critical update for idefisk. (Version 1.37 now ships with a patched iaxclient library). Everybody is urged to update asap. ( http://www.asteriskguru.com/idefisk/free/ )

A big thanks to coresecurity and Steve Kann for the early warning.

Zoa.

The Asterisk Development Team wrote:
> The Asterisk Development Team today released Asterisk 1.2.9 and Asterisk
> 1.0.11 to address a security vulnerability in the IAX2 channel driver
> (chan_iax2). The vulnerability affects all users with IAX2 clients that
> might be compromised or used by a malicious user, and can lead to denial
> of service attacks and random Asterisk server crashes via a relatively
> trivial exploit.
>
> All users are urged to upgrade as soon as they can practically do so, or
> ensure that they don't expose IAX2 services to the public if it is not
> necessary.
>
> The release files are available in the usual place (ftp.digium.com), as
> both tarballs and patch files relative to the last release. In addition,
> both the tarballs and the patch files have been signed using GPG keys of
> the release maintainers, so that you can ensure their authenticity.
>
> Thank you for your support of Asterisk!