Tuesday, August 12, 2008

Asterisk versions 1.4.21.2 and 1.2.30 And Three New Versions of libpri Released.

The Asterisk.org development team has released Asterisk versions 1.4.21.2 and 1.2.30 as well as new versions of three libraries used with Asterisk.

The Asterisk releases include fixes for two security issues. Both of these issues affect users of the IAX2 channel driver. For more details on these vulnerabilities, see the published security advisories, AST-2008-010 and AST-2008-011.

AST-2008-010: Asterisk IAX 'POKE' resource exhaustion

AST-2008-011: Traffic amplification in IAX2 firmware provisioning system

The three libraries used with Asterisk that are updated are;

libpri-1.2.8:
This release contains a number of bugfixes that had been unreleased for months, along with clarification of the licensing of the source code. The change log.

libpri-1.4.7:
This release contains primarily only clarification of the licensing of the source code and some minor build system fixes. There is no need for users of version 1.4.6 to upgrade. The change log.

libss7-1.0.1:
This release contains a number of bugfixes, along with clarification of the licensing of the source code. The change log.

All releases could be downloaded from Asterisk downloads site.

No comments:

Post a Comment