[AsteriskBrasil] Fwd: [asterisk-dev] Asterisk 1.6.0.22, 1.6.1.14, and 1.6.2.2 Released
Denis Galvao
denisgalvao em gmail.com
Terça Fevereiro 2 21:44:41 BRST 2010
---------- Forwarded message ----------
From: Asterisk Development Team <asteriskteam em digium.com>
Date: Tue, 02 Feb 2010 17:28:59 -0500
Subject: [asterisk-dev] Asterisk 1.6.0.22, 1.6.1.14, and 1.6.2.2 Released
To: asteriskteam em digium.com
The Asterisk Development Team has announced security releases for Asterisk as
the following versions:
* 1.6.0.22
* 1.6.1.14
* 1.6.2.2
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/
The releases of Asterisk 1.6.0.22, 1.6.1.14, and 1.6.2.2 include the fix
described in security advisory AST-2010-001.
The issue is that an attacker attempting to negotiate T.38 over SIP can remotely
crash Asterisk by modifying the FaxMaxDatagram field of the SDP to contain
either a negative or exceptionally large value. The same crash will occur when
the FaxMaxDatagram field is omitted from the SDP, as well.
For more information about the details of this vulnerability, please read the
security advisory AST-2009-009, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.0.22
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.14
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.2
Security advisory AST-2010-001 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-001.pdf
Thank you for your continued support of Asterisk!
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-dev
--
Enviado do meu celular
Mais detalhes sobre a lista de discussão AsteriskBrasil