The Asterisk releases include fixes for two security issues. Both of these issues affect users of the IAX2 channel driver. For more details on these vulnerabilities, see the published security advisories, AST-2008-010 and AST-2008-011.
AST-2008-010: Asterisk IAX 'POKE' resource exhaustion
AST-2008-011: Traffic amplification in IAX2 firmware provisioning system
The three libraries used with Asterisk that are updated are;
libpri-1.2.8:
This release contains a number of bugfixes that had been unreleased for months, along with clarification of the licensing of the source code. The change log.
libpri-1.4.7:
This release contains primarily only clarification of the licensing of the source code and some minor build system fixes. There is no need for users of version 1.4.6 to upgrade. The change log.
libss7-1.0.1:
This release contains a number of bugfixes, along with clarification of the licensing of the source code. The change log.
All releases could be downloaded from Asterisk downloads site.
Tags:
No comments:
Post a Comment