[AsteriskBrasil] Fwd: [asterisk-dev] Asterisk 1.4.15 and 1.2.25 Released
Denis Galvão
denisgalvao em gmail.com
Sexta Novembro 30 12:15:53 BRST 2007
--
Denis Galvão
AsteriskBrasil.org
Ajude a comunidade AsteriskBrasil.org, compre uma camiseta!
http://www.voipmania.com.br
Begin forwarded message:
> From: Asterisk Security Team <security em asterisk.org>
> Date: 29 de novembro de 2007 20h10min53s GMT-02:00
> To: undisclosed-recipients:;
> Subject: [asterisk-dev] Asterisk 1.4.15 and 1.2.25 Released
> Reply-To: Asterisk Developers Mailing List <asterisk-
> dev em lists.digium.com>
>
> The Asterisk.org development team has released Asterisk versions
> 1.4.15 and
> 1.2.25. These releases contain two fixes for security issues.
>
> http://downloads.digium.com/pub/asa/AST-2007-025.pdf
> * This is a SQL injection vulnerability in the res_config_pgsql
> module.
> Default installations of Asterisk are not affected. However, any
> system using
> the Postgres Realtime Engine may be remotely exploitable. This
> issue only
> affects Asterisk 1.4, as this module was not in Asterisk 1.2.
>
> http://downloads.digium.com/pub/asa/AST-2007-026.pdf
> * This is another SQL injection vulnerability. The input for the
> ANI and DNIS
> fields were not properly escaped. Default installations of
> Asterisk are not
> vulnerable. However, systems that use the Postgres CDR logging
> module may be
> remotely exploitable. This issue affects both Asterisk 1.2 and 1.4.
>
> Both releases are available on http://downloads.digium.com.
>
> Thank you very much for your support!
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-dev
Mais detalhes sobre a lista de discussão AsteriskBrasil