Skip to content
Narrow screen resolution Wide screen resolution Auto adjust screen size Increase font size Decrease font size Default font size default color grey color red color blue color

Totek - Asterisk VoIP (SIP) News & Technology Source


 
Home
Asterisk 1.4.15 and 1.2.25 Released PDF Print E-mail
User Rating: / 0
PoorBest 
Written by Web Master   
Tuesday, 04 September 2007
 Image

 The Asterisk.org development team has released Asterisk versions 1.4.15 and 1.2.25. These releases contain two fixes for security issues.

http://downloads.digium.com/pub/asa/AST-2007-025.pdf
* This is a SQL injection vulnerability in the res_config_pgsql module. Default installations of Asterisk are not affected. However, any system using the Postgres Realtime Engine may be remotely exploitable. This issue only affects Asterisk 1.4, as this module was not in Asterisk 1.2.

http://downloads.digium.com/pub/asa/AST-2007-026.pdf
* This is another SQL injection vulnerability. The input for the ANI and DNIS fields were not properly escaped. Default installations of Asterisk are not vulnerable. However, systems that use the Postgres CDR logging module may be remotely exploitable. This issue affects both Asterisk 1.2 and 1.4.

Both releases are available on http://downloads.digium.com.

 

Login Form






Lost Password?


Syndicate