The Asterisk Development Team
2007-Jul-17 22:22 UTC
[asterisk-users] Critical Updates: Asterisk 1.2.22 and 1.4.8 released
The Asterisk development team has released Asterisk versions 1.2.22 and 1.4.8.

These releases contain fixes for four critical security vulnerabilities. One of these vulnerabilities is a remotely exploitable stack buffer overflow, which could allow an attacker to execute arbitrary code on the target machine. The other three are all remotely exploitable crash vulnerabilities.

We have released Asterisk Security Advisories for each of the vulnerabilities. The current version of each advisory can be downloaded from the ftp site.

http://ftp.digium.com/pub/asa/ASA-2007-014.pdf
 * Affected systems include those that bridge calls between chan_iax2 and any channel driver that uses RTP for media

http://ftp.digium.com/pub/asa/ASA-2007-015.pdf
 * Affected systems include any system that has chan_iax2 enabled

http://ftp.digium.com/pub/asa/ASA-2007-016.pdf
 * Affected systems include any system that has chan_skinny enabled

http://ftp.digium.com/pub/asa/ASA-2007-017.pdf
 * Affected systems include any 1.4 system that has any channel driver that uses RTP for media enabled

All users that have systems that meet any of the criteria listed above should upgrade as soon as possible.

Thank you very much for your support.