[AsteriskBrasil] Fwd: [asterisk-dev] Asterisk 1.4.41.1, 1.6.2.18.1, and 1.8.4.3 Now Available (Security Release)

Denis Galvão - Gmail denisgalvao at gmail.com
Thu Jun 23 18:47:38 BRT 2011



Sent from my iPad

Begin forwarded message:

> From: Asterisk Development Team <asteriskteam at digium.com>
> Date: June 23, 2011 17:14:19 BRT
> To: asteriskteam at digium.com
> Subject: [asterisk-dev] Asterisk 1.4.41.1, 1.6.2.18.1, and 1.8.4.3 Now Available (Security Release)
> Reply-To: Asterisk Developers Mailing List <asterisk-dev at lists.digium.com>
> 

> The Asterisk Development Team has announced the release of Asterisk versions
> 1.4.41.1, 1.6.2.18.1, and 1.8.4.3, which are security releases.
> 
> These releases are available for immediate download at
> http://downloads.asterisk.org/pub/telephony/asterisk/releases
> 
> The release of Asterisk 1.4.41.1, 1.6.2.18, and 1.8.4.3 resolves several issues
> as outlined below:
> 
> * AST-2011-008: If a remote user sends a SIP packet containing a null,
>  Asterisk assumes available data extends past the null to the
>  end of the packet when the buffer is actually truncated when
>  copied.  This causes SIP header parsing to modify data past
>  the end of the buffer altering unrelated memory structures.
>  This vulnerability does not affect TCP/TLS connections.
>  -- Resolved in 1.6.2.18.1 and 1.8.4.3
> 
> * AST-2011-009: A remote user sending a SIP packet containing a Contact header
>  with a missing left angle bracket (<) causes Asterisk to
>  access a null pointer.
>  -- Resolved in 1.8.4.3
> 
> * AST-2011-010: A memory address was inadvertently transmitted over the
>  network via IAX2 via an option control frame and the remote party would try
>  to access it.
>  -- Resolved in 1.4.41.1, 1.6.2.18.1, and 1.8.4.3
> 
> 
> The issues and resolutions are described in the AST-2011-008, AST-2011-009, and
> AST-2011-010 security advisories.
> 
> For more information about the details of these vulnerabilities, please read
> the security advisories AST-2011-008, AST-2011-009, and AST-2011-010, which were
> released at the same time as this announcement.
> 
> For a full list of changes in the current releases, please see the ChangeLog:
> 
> http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.41.1
> http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.18.1
> http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.4.3
> 
> Security advisories AST-2011-008, AST-2011-009, and AST-2011-010 are available
> at:
> 
> http://downloads.asterisk.org/pub/security/AST-2011-008.pdf
> http://downloads.asterisk.org/pub/security/AST-2011-009.pdf
> http://downloads.asterisk.org/pub/security/AST-2011-010.pdf
> 
> Thank you for your continued support of Asterisk!
> 
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> 
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
>  http://lists.digium.com/mailman/listinfo/asterisk-dev
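
A simplified model of the length mismatch that AST-2011-008 describes, as an added example rather than code from Asterisk or the announcement: the struct, function names and sample payload are constructed for illustration. It contrasts an ingest routine that records the datagram size after a NUL-terminated copy with one that rejects embedded NULs, so the recorded length matches the bytes actually stored.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample datagram: SIP-like text with an embedded NUL byte. */
static const char sample_pkt[] = "OPTIONS sip:a@b SIP/2.0\r\n\0Via: x\r\n\r\n";
#define SAMPLE_LEN (sizeof(sample_pkt) - 1)

/* Hypothetical request structure (not Asterisk's own type). */
struct msg {
    char data[128];
    size_t len;   /* length the header parser will trust */
};

/* Flawed pattern: the string copy stops at the NUL, yet len keeps the
 * datagram size. pkt must be NUL-terminated for the copy to be bounded. */
static void ingest_flawed(struct msg *m, const char *pkt, size_t n)
{
    snprintf(m->data, sizeof(m->data), "%s", pkt);
    m->len = n;
}

/* Hardened pattern: refuse oversized input and embedded NULs, so len
 * always equals the number of bytes actually stored. */
static int ingest_checked(struct msg *m, const char *pkt, size_t n)
{
    if (n >= sizeof(m->data) || memchr(pkt, '\0', n) != NULL)
        return -1;
    memcpy(m->data, pkt, n);
    m->data[n] = '\0';
    m->len = n;
    return 0;
}

/* Bytes the parser believes it has beyond what was really copied. */
static size_t len_overstatement(const struct msg *m)
{
    return m->len - strlen(m->data);
}

int main(void)
{
    struct msg m;
    ingest_flawed(&m, sample_pkt, SAMPLE_LEN);
    printf("flawed: len=%zu stored=%zu overstated=%zu\n",
           m.len, strlen(m.data), len_overstatement(&m));
    printf("checked: rc=%d\n", ingest_checked(&m, sample_pkt, SAMPLE_LEN));
    return 0;
}
```

A non-zero overstatement is the condition under which a parser trusting `len` would operate on bytes that were never copied.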