thr3ads.net - asterisk users - [asterisk-users] [asterisk-announce] Asterisk 1.2.28, 1.4.19.1, and 1.6.0-beta8 Released [Apr 2008]

If this information is useful, please help other people find it:
Share via:

The Asterisk Development Team

2008-Apr-22 23:05 UTC

[asterisk-users] [asterisk-announce] Asterisk 1.2.28, 1.4.19.1, and 1.6.0-beta8 Released

The Asterisk development team has released versions 1.2.28, 1.4.19.1, and
1.6.0-beta8.

All of these releases contain a security patch for the vulnerability described
in the AST-2008-006 security advisory.  1.6.0-beta8 is also a regular update to
the 1.6.0 series with a number of bug fixes over the previous beta release.

Early last year, we made some modifications to the IAX2 channel driver to combat
potential usage of IAX2 in traffic amplification attacks.  Unfortunately, our
fix was not complete and we were not notified of this until the original
reporter of the issue decided to release information on how to exploit it to the
public.

This issue affects all users of IAX2 that have allowed non-authenticated calls.
 For more information on the vulnerability, see the published security advisory.

 * http://downloads.digium.com/pub/security/AST-2008-006.pdf

All releases are available for download from the following location:

 * http://downloads.digium.com/pub/telephony/asterisk/

Thank you for your continued support of Asterisk!


_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--

asterisk-announce mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-announce

Tony Mountifield

2008-Apr-23 09:19 UTC

head link

[asterisk-users] [asterisk-announce] Asterisk 1.2.28, 1.4.19.1, and 1.6.0-beta8 Released

In article <480E6F23.8050909 at digium.com>,
The Asterisk Development Team <asteriskteam at digium.com>
wrote:> The Asterisk development team has released versions 1.2.28, 1.4.19.1, and
> 1.6.0-beta8.
> 
> All of these releases contain a security patch for the vulnerability
described
> in the AST-2008-006 security advisory.  1.6.0-beta8 is also a regular
update to
> the 1.6.0 series with a number of bug fixes over the previous beta release.
That advisory states that the fix is in 1.4.20, not 1.4.19.1. Why was the 1.4
release tagged as 1.4.19.1?

Personally, I prefer all releases to be x.y.z, and don't see the point in
doing
an x.y.z.a just because a change is small.

Cheers
Tony
-- 
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org

Apparently Analagous Threads

Search for more apparently analagous threads

asterisk users - Apr 2008 - Asterisk 1.2.28, 1.4.19.1, and 1.6.0-beta8 Released

[asterisk-users] [asterisk-announce] Asterisk 1.2.28, 1.4.19.1, and 1.6.0-beta8 Released

[asterisk-users] [asterisk-announce] Asterisk 1.2.28, 1.4.19.1, and 1.6.0-beta8 Released

Apparently Analagous Threads