[*] [Fwd: [asterisk-dev] Asterisk 1.2.9.1 and 1.0.11.1 Released --
Security Fix]
John Lange
john.lange at open-it.ca
Tue Jun 6 15:42:11 CDT 2006
Asterisk released a security fix today (twice actually).
-------- Forwarded Message --------
> From: Asterisk Development Team <asteriskteam at digium.com>
> Reply-To: Asterisk Developers Mailing List
> <asterisk-dev at lists.digium.com>
> To: Asterisk Developers Mailing List <asterisk-dev at lists.digium.com>
> Subject: [asterisk-dev] Asterisk 1.2.9.1 and 1.0.11.1 Released --
> Security Fix
> Date: Tue, 06 Jun 2006 11:43:34 -0500
>
> The Asterisk Development Team today re-released Asterisk 1.2.9.1 and
> Asterisk 1.0.11.1 to address a security vulnerability in the IAX2
> channel driver (chan_iax2). The vulnerability affects all users with
> IAX2 clients that might be compromised or used by a malicious user, and
> can lead to denial of service attacks and random Asterisk server crashes
> via a relatively trivial exploit. These re-releases correct a problem
> introduced by the vulnerability fix involving transport of video frames
> over IAX2.
>
> All users are urged to upgrade as soon as they can practically do so, or
> ensure that they don't expose IAX2 services to the public if it is not
> necessary.
>
> The release files are available in the usual place (ftp.digium.com), as
> both tarballs and patch files relative to the last release. In addition,
> both the tarballs and the patch files have been signed using GPG keys of
> the release maintainers, so that you can ensure their authenticity.
>
> Thank you for your support of Asterisk!
>
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-dev
>
More information about the Asterisk
mailing list