[AsteriskBrasil] Fwd: [asterisk-dev] Asterisk 11.6-cert9, 11.14.2, 12.7.2, 13.0.2 Now Available (Security Release)

Sylvio Jollenbeck sylvio.jollenbeck at gmail.com
Wed Dec 10 17:07:09 BRST 2014


The Asterisk Development Team has announced security releases for Certified
Asterisk 11.6 and Asterisk 11, 12, and 13. The available security releases
are released as versions 11.6-cert9, 11.14.2, 12.7.2, and 13.0.2.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of these versions resolves the following security vulnerability:

* AST-2014-019: Remote Crash Vulnerability in WebSocket Server

  When handling a WebSocket frame the res_http_websocket module dynamically
  changes the size of the memory used to allow the provided payload to fit.
  If a payload length of zero was received the code would incorrectly attempt
  to resize to zero. This operation would succeed and end up freeing the
  memory but be treated as a failure. When the session was subsequently torn
  down this memory would get freed yet again causing a crash.

For more information about the details of this vulnerability, please read
security advisory AST-2014-019, which was released at the same time as this
announcement.

For a full list of changes in the current releases, please see the
ChangeLogs:

http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert9
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.7.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.0.2

The security advisory is available at:

 * http://downloads.asterisk.org/pub/security/AST-2014-019.pdf

Thank you for your continued support of Asterisk!




-- 
Sylvio Jollenbeck
skype: sylvio.jollenbeck
www.hosannatecnologia.com.br
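
The resize pattern described under AST-2014-019, as an added example that is not part of the original announcement and is not Asterisk source code. It uses a one-block model allocator so the second free is counted rather than performed; every name here (`m_realloc`, `struct session`, `read_frame_*`) is hypothetical, and the zero-length guard is an assumed mitigation, not the project's actual patch.

```c
#include <stdio.h>

/* Model heap with one block, so the double free is counted, not executed. */
static unsigned char arena[4096];
static int alive, double_frees;

/* Models an allocator where realloc(p, 0) frees p and returns NULL. */
static void *m_realloc(void *p, size_t n) {
    (void)p;
    if (n == 0) { alive = 0; return NULL; }  /* freed, yet looks like failure */
    if (n > sizeof arena) return NULL;       /* real failure: block untouched */
    alive = 1; return arena;
}

static void m_free(void *p) {
    if (p && !alive) double_frees++;         /* block was already released */
    if (p) alive = 0;
}

struct session { void *payload; };           /* hypothetical, not Asterisk's struct */

/* Pattern the advisory describes: every NULL from realloc is read as failure. */
static int read_frame_unguarded(struct session *s, size_t payload_len) {
    void *tmp = m_realloc(s->payload, payload_len);
    if (!tmp) return -1;                     /* len 0: s->payload now dangles */
    s->payload = tmp;
    return 0;
}

/* Assumed mitigation: never resize for an empty payload. */
static int read_frame_guarded(struct session *s, size_t payload_len) {
    if (payload_len == 0) return 0;
    return read_frame_unguarded(s, payload_len);
}
static void teardown(struct session *s) { m_free(s->payload); s->payload = NULL; }

/* Constructed input: a 16-byte frame, an empty frame, then teardown. */
static int run(int (*read_frame)(struct session *, size_t)) {
    struct session s = { NULL };
    alive = 0; double_frees = 0;
    read_frame(&s, 16);
    read_frame(&s, 0);
    teardown(&s);
    return double_frees;
}

int main(void) {
    printf("unguarded=%d guarded=%d\n", run(read_frame_unguarded), run(read_frame_guarded));
    return 0;
}
```

The model separates the two reasons a resize can return NULL: a zero-size request that released the block, and a genuine allocation failure that left it intact. Only the first leaves the session holding a stale pointer at teardown.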