similar to: AST-2007-025 - SQL Injection issue in res_config_pgsql

Asterisk Project Security Advisory - AST-2007-025 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | SQL Injection issue in res_config_pgsql |

Asterisk Project Security Advisory - AST-2007-026 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | SQL Injection issue in cdr_pgsql |

Asterisk Project Security Advisory - AST-2007-026 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | SQL Injection issue in cdr_pgsql |

Asterisk Project Security Advisory - AST-2007-023 +------------------------------------------------------------------------+ | Product | Asterisk-Addons | |--------------------+---------------------------------------------------| | Summary | SQL Injection Vulnerability in cdr_addon_mysql |

Asterisk Project Security Advisory - AST-2007-023 +------------------------------------------------------------------------+ | Product | Asterisk-Addons | |--------------------+---------------------------------------------------| | Summary | SQL Injection Vulnerability in cdr_addon_mysql |

Asterisk Project Security Advisory - AST-2008-011 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Traffic amplification in IAX2 firmware | | |

Asterisk Project Security Advisory - AST-2008-010 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | Asterisk IAX 'POKE' resource exhaustion |

Asterisk Project Security Advisory - AST-2009-005 +------------------------------------------------------------------------+ | Product | Asterisk | |---------------------+--------------------------------------------------| | Summary | Remote Crash Vulnerability in SIP channel driver |

Asterisk Project Security Advisory - AST-2009-005 +------------------------------------------------------------------------+ | Product | Asterisk | |---------------------+--------------------------------------------------| | Summary | Remote Crash Vulnerability in SIP channel driver |

Asterisk Project Security Advisory - AST-2008-005 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | HTTP Manager ID is predictable |

Asterisk Project Security Advisory - AST-2008-005 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | HTTP Manager ID is predictable |

Asterisk Project Security Advisory - AST-2008-003 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Unauthenticated calls allowed from SIP channel | | | driver

Asterisk Project Security Advisory - AST-2008-003 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Unauthenticated calls allowed from SIP channel | | | driver

Asterisk Project Security Advisory - AST-2009-008 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | SIP responses expose valid usernames |

Asterisk Project Security Advisory - AST-2007-020 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Resource Exhaustion vulnerability in SIP channel | | | driver

Asterisk Project Security Advisory - AST-2007-020 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Resource Exhaustion vulnerability in SIP channel | | | driver

Hello, Just in case someone hasn't upgraded yet, and is using IAX2. -------- Original Message -------- Subject: AST-2009-006: IAX2 Call Number Resource Exhaustion Date: Thu, 03 Sep 2009 17:47:35 -0500 From: Asterisk Security Team <security at asterisk.org> To: bugtraq at securityfocus.com Asterisk Project Security Advisory - AST-2009-006

Hello, How do I use multiple postgresql databases using res_config_pgsql? I tried creating multiple contexts in res_pgsql.conf, but asterisk is only using the 'general' context. My res_pgsq.conf is [general] ;; Connect to mydb on localhost dbport=5432 dbname=mydb dbuser=pgdbuser requirements=warn [pgwritedb] ;; Connect to mydb2 on another host dbhost=<IP

Asterisk Project Security Advisory - AST-2008-007 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Asterisk installations using cryptographic keys | | | generated

Asterisk Project Security Advisory - AST-2008-012 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | Remote crash vulnerability in IAX2 |