Asterisk 1.4.8 released

Discussion in 'General' started by saleh, Jul 18, 2007.

  1. saleh

    Joined:
    Apr 18, 2007
    Messages:
    249
    Likes Received:
    0
    The Asterisk development team has released Asterisk versions 1.2.22 and 1.4.8.

    These releases contain fixes for four critical security vulnerabilities. One of these vulnerabilities is a remotely exploitable stack buffer overflow, which could allow an attacker to execute arbitrary code on the target machine. The other three are all remotely exploitable crash vulnerabilities.

    We have released Asterisk Security Advisories for each of the vulnerabilities. The current version of each advisory can be downloaded from the ftp site.

    ASA-2007-014
    * Affected systems include those that bridge calls between chan_iax2 and any channel driver that uses RTP for media

    ASA-2007-015
    * Affected systems include any system that has chan_iax2 enabled

    ASA-2007-016
    * Affected systems include any system that has chan_skinny enabled

    ASA-2007-017
    * Affected systems include any 1.4 system that has any channel driver that uses RTP for media enabled

    All users that have systems that meet any of the criteria listed above should upgrade as soon as possible.

    Thank you very much for your support.
     
  2. starkiller

    Joined:
    May 29, 2007
    Messages:
    16
    Likes Received:
    0
    Can I just download and install this over the current asterisk, or is there some customization Elastix Does?
     

Share This Page