Bug#439062: Fwd: [asterisk-announce] Asterisk 1.4.11 released
Mark Purcell
msp at debian.org
Tue Aug 21 22:09:59 UTC 2007
Package: asterisk
Version: 1:1.4.1~dfsg-1
Severity: serious
Tags: security pending
---------- Forwarded Message ----------
Subject: [asterisk-announce] Asterisk 1.4.11 released
Date: Tue, 21 Aug 2007
From: The Asterisk Development Team <asteriskteam at digium.com>
To: undisclosed-recipients:;
The Asterisk development team has released version 1.4.11.
This version contains numerous bug fixes. One of these is for a security issue
in chan_sip. The issue is that SIP dialog history was being stored in memory
regardless if the option for this was turned on or off. This could be abused to
cause a system using chan_sip to run out of memory.
The security issue is documented in AST-2007-020. Affected systems include any
that are using chan_sip. Also, only Asterisk 1.4 is affected. Asterisk 1.2 is
not vulnerable to this issue.
* http://downloads.digium.com/pub/asa/AST-2007-020.pdf
The name prefix for our security advisories has been changed from ASA to AST.
The ASA scheme was already in use by another company before we started using it.
This release is available for download from
http://downloads.digium.com/pub/telephony/asterisk/.
Thank you for your support!
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-announce mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-announce
-------------------------------------------------------
More information about the Pkg-voip-maintainers
mailing list