Critical Updates: Asterisk 1.2.22 and 1.4.8 released

Submitted by asteriskteam on 17 July 2007 - 10:15pm.

The Asterisk development team has released Asterisk versions 1.2.22 and 1.4.8.

These releases contain fixes for four critical security vulnerabilities. One of these vulnerabilities is a remotely exploitable stack buffer overflow, which could allow an attacker to execute arbitrary code on the target machine. The other three are all remotely exploitable crash vulnerabilities.

We have released an Asterisk Security Advisory for each of the vulnerabilities. The current version of each advisory can be downloaded from the FTP site.

ASA-2007-014
* Affected systems include those that bridge calls between chan_iax2 and any channel driver that uses RTP for media

ASA-2007-015
* Affected systems include any system that has chan_iax2 enabled

ASA-2007-016
* Affected systems include any system that has chan_skinny enabled

ASA-2007-017
* Affected systems include any 1.4 system that has enabled any channel driver that uses RTP for media

All users whose systems meet any of the criteria listed above should upgrade as soon as possible.

Thank you very much for your support.
