security update !!!

Alle sonstigen Anliegen

Moderatoren: rainer, Tim

Antworten
Benutzeravatar
rainer
Profi
Beiträge: 183
Registriert: Di 17. Nov 2009, 20:18
Wohnort: Bonn
Kontaktdaten:

security update !!!

Beitrag von rainer »

Quelle: www.asterisk.org


The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The available security
releases are released as versions 1.8.15-cert7, 11.6-cert4, 1.8.28.2, 11.10.2,
and 12.3.2.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telep ... k/releases

These releases resolve security vulnerabilities that were previously fixed in
1.8.15-cert6, 11.6-cert3, 1.8.28.1, 11.10.1, and 12.3.1. Unfortunately, the fix
for AST-2014-007 inadvertently introduced a regression in Asterisk's TCP and TLS
handling that prevented Asterisk from sending data over these transports. This
regression and the security vulnerabilities have been fixed in the versions
specified in this release announcement.

The security patches for AST-2014-007 have been updated with the fix for the
regression, and are available at http://downloads.asterisk.org/pub/security

Please note that the release of these versions resolves the following security
vulnerabilities:

* AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe
        Framework

* AST-2014-006: Permission Escalation via Asterisk Manager User Unauthorized
        Shell Access

* AST-2014-007: Denial of Service via Exhaustion of Allowed Concurrent HTTP
        Connections

* AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions

For more information about the details of these vulnerabilities, please read
security advisories AST-2014-005, AST-2014-006, AST-2014-007, and AST-2014-008,
which were released with the previous versions that addressed these
vulnerabilities.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telep ... 8.15-cert7
http://downloads.asterisk.org/pub/telep ... g-1.8.28.2
http://downloads.asterisk.org/pub/telep ... 11.6-cert4
http://downloads.asterisk.org/pub/telep ... og-11.10.2
http://downloads.asterisk.org/pub/telep ... Log-12.3.2

The security advisories are available at:

 * http://downloads.asterisk.org/pub/secur ... 14-005.pdf
 * http://downloads.asterisk.org/pub/secur ... 14-006.pdf
 * http://downloads.asterisk.org/pub/secur ... 14-007.pdf
 * http://downloads.asterisk.org/pub/secur ... 14-008.pdf

Thank you for your continued support of Asterisk!




-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Rainer Piper - Bonn - 0228 97167161 or SIP-URI: sip:7000@sip.soho-piper.de:5072
Software: kamailio 4.2.0 -> Asterisk 13.0.1 mit pjsip stack
Hardware: 2x QuadCore, 128GB ECC-RAM, 4x HDD Raid 10
Antworten