[AsteriskBrasil] Fwd: [asterisk-dev] Asterisk 1.2.36, 1.4.26.3, 1.6.0.17, and 1.6.1.9 Now Available
Denis Galvão
denisgalvao em gmail.com
Quarta Novembro 4 18:39:47 BRST 2009
--
Denis Galvão
AsteriskBrasil.org
Ajude a comunidade AsteriskBrasil.org, compre uma camiseta!
http://www.voipmania.com.br
Begin forwarded message:
> From: Asterisk Development Team <asteriskteam em digium.com>
> Date: 4 de novembro de 2009 18h21min58s GMT-02:00
> To: asteriskteam em digium.com
> Subject: [asterisk-dev] Asterisk 1.2.36, 1.4.26.3, 1.6.0.17, and
> 1.6.1.9 Now Available
> Reply-To: Asterisk Developers Mailing List <asterisk-dev em lists.digium.com
> >
>
> The Asterisk Development Team has announced security releases for
> Asterisk as
> the following versions:
>
> * 1.2.36
> * 1.4.26.3
> * 1.6.0.17
> * 1.6.1.9
>
> These releases are available for immediate download at
> http://downloads.asterisk.org/pub/telephony/asterisk/
>
>
> The release of 1.2.36 resolves an issue where sending a REGISTER
> with a
> differing username in the From URI and Authorization header would
> reveal whether
> it was valid or not. For more information about the details of this
> vulnerability, please read the security advisory AST-2009-008, which
> was
> released at the same time as this announcement.
>
> The releases of Asterisk 1.4.26.3, 1.6.0.17, and 1.6.1.9 include the
> fix
> described in security advisory AST-2009-008, and also contain a fix
> where it
> may be possible for someone to execute a cross-site AJAX request
> exploit. For
> more information about the details of this vulnerability, please
> read the
> security advisory AST-2009-009, which was released at the same time
> as this
> announcement.
>
> In addition, Asterisk users may notice that we skipped the version
> number
> 1.6.0.16. This was intentional, in an effort to avoid confusion
> about what a
> particular release contains. Asterisk 1.6.0.16 had candidates for
> release made,
> so backtracking on those changes in a release with the same version
> number might
> be confusing. The next release candidate, which would have been
> 1.6.0.16-rc3,
> will be released with additional changes as 1.6.0.18-rc1.
>
> Also of note, that the previous release announcement for 1.6.1.8
> stated that the
> next set of 1.6.1 release candidates would be 1.6.1.9-rc1. As
> release candidates
> for 1.6.1.9 were not yet released, 1.6.1.9 is only a security
> release, and the
> next release candidate in the 1.6.1 series is expected to be
> 1.6.1.10-rc1.
>
> For a full list of changes in the current releases, please see the
> ChangeLog:
>
> http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.2.36
> http://downloads.asterisk.org/pub/telephony/asterisk/
> ChangeLog-1.4.26.3
> http://downloads.asterisk.org/pub/telephony/asterisk/
> ChangeLog-1.6.0.17
> http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.9
>
>
> Security advisory AST-2009-008 is available at:
>
> http://downloads.asterisk.org/pub/security/AST-2009-008.pdf
>
>
> Security advisory AST-2009-009 is available at:
>
> http://downloads.asterisk.org/pub/security/AST-2009-009.pdf
>
>
> Thank you for your continued support of Asterisk!
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-dev
Mais detalhes sobre a lista de discussão AsteriskBrasil