[AsteriskBrasil] Fwd: [asterisk-dev] Asterisk 1.2.36, 1.4.26.3, 1.6.0.17, and 1.6.1.9 Now Available

Denis Galvão denisgalvao em gmail.com
Quarta Novembro 4 18:39:47 BRST 2009


--
Denis Galvão
AsteriskBrasil.org

Ajude a comunidade AsteriskBrasil.org, compre uma camiseta!
http://www.voipmania.com.br


Begin forwarded message:

> From: Asterisk Development Team <asteriskteam em digium.com>
> Date: 4 de novembro de 2009 18h21min58s GMT-02:00
> To: asteriskteam em digium.com
> Subject: [asterisk-dev] Asterisk 1.2.36, 1.4.26.3, 1.6.0.17, and  
> 1.6.1.9 Now Available
> Reply-To: Asterisk Developers Mailing List <asterisk-dev em lists.digium.com 
> >
>
> The Asterisk Development Team has announced security releases for  
> Asterisk as
> the following versions:
>
>  * 1.2.36
>  * 1.4.26.3
>  * 1.6.0.17
>  * 1.6.1.9
>
> These releases are available for immediate download at
>   http://downloads.asterisk.org/pub/telephony/asterisk/
>
>
> The release of 1.2.36 resolves an issue where sending a REGISTER  
> with a
> differing username in the From URI and Authorization header would  
> reveal whether
> it was valid or not. For more information about the details of this
> vulnerability, please read the security advisory AST-2009-008, which  
> was
> released at the same time as this announcement.
>
> The releases of Asterisk 1.4.26.3, 1.6.0.17, and 1.6.1.9 include the  
> fix
> described in security advisory AST-2009-008, and also contain a fix   
> where it
> may be possible for someone to execute a cross-site AJAX request  
> exploit. For
> more information about the details of this vulnerability, please  
> read the
> security advisory AST-2009-009, which was released at the same time  
> as this
> announcement.
>
> In addition, Asterisk users may notice that we skipped the version  
> number
> 1.6.0.16. This was intentional, in an effort to avoid confusion  
> about what a
> particular release contains. Asterisk 1.6.0.16 had candidates for  
> release made,
> so backtracking on those changes in a release with the same version  
> number might
> be confusing. The next release candidate, which would have been  
> 1.6.0.16-rc3,
> will be released with additional changes as 1.6.0.18-rc1.
>
> Also of note, that the previous release announcement for 1.6.1.8  
> stated that the
> next set of 1.6.1 release candidates would be 1.6.1.9-rc1. As  
> release candidates
> for 1.6.1.9 were not yet released, 1.6.1.9 is only a security  
> release, and the
> next release candidate in the 1.6.1 series is expected to be  
> 1.6.1.10-rc1.
>
> For a full list of changes in the current releases, please see the  
> ChangeLog:
>
> http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.2.36
> http://downloads.asterisk.org/pub/telephony/asterisk/ 
> ChangeLog-1.4.26.3
> http://downloads.asterisk.org/pub/telephony/asterisk/ 
> ChangeLog-1.6.0.17
> http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.9
>
>
> Security advisory AST-2009-008 is available at:
>
> http://downloads.asterisk.org/pub/security/AST-2009-008.pdf
>
>
> Security advisory AST-2009-009 is available at:
>
> http://downloads.asterisk.org/pub/security/AST-2009-009.pdf
>
>
> Thank you for your continued support of Asterisk!
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-dev



Mais detalhes sobre a lista de discussão AsteriskBrasil