[AsteriskBrasil] Fwd: [asterisk-dev] Asterisk 13.13-cert3, 13.14.1, 14.3.1 Now Available (Security Release)

Sylvio Jollenbeck sylvio.jollenbeck em gmail.com
Terça Abril 4 12:59:55 BRT 2017


---------- Mensagem encaminhada ----------
De: "Asterisk Development Team" <asteriskteam em digium.com>
Data: 4 de abr de 2017 11:55
Assunto: [asterisk-dev] Asterisk 13.13-cert3, 13.14.1, 14.3.1 Now Available
(Security Release)
Para: "Asterisk Developers Mailing List" <asterisk-dev em lists.digium.com>
Cc:

The Asterisk Development Team has announced security releases for
Certified Asterisk
13.13 and Asterisk 13 and 14. The available security releases are released
as versions 13.13-cert3, 13.14.1, and 14.3.1.

These releases are available for immediate download at

http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of these versions resolves the following security
vulnerabilities:

* AST-2017-001: Buffer overflow in CDR's set user
  No size checking is done when setting the user field on a CDR. Thus,
  it is possible for someone to use an arbitrarily large string and write
past
  the end of the user field storage buffer. This allows the possibility of
remote
  code injection.

For a full list of changes in the current releases, please see the
ChangeLogs:

http://downloads.asterisk.org/pub/telephony/certified-asteri
sk/releases/ChangeLog-13.13-cert3
http://downloads.asterisk.org/pub/telephony/asterisk/release
s/ChangeLog-13.14.1
http://downloads.asterisk.org/pub/telephony/asterisk/release
s/ChangeLog-14.3.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2017-001.pdf

Thank you for your continued support of Asterisk!

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-dev
-------------- Próxima Parte ----------
Um anexo em HTML foi limpo...
URL: <http://asteriskbrasil.org/pipermail/asteriskbrasil/attachments/20170404/74277540/attachment.html>


Mais detalhes sobre a lista de discussão AsteriskBrasil