Saturday, August 25, 2007

Asterisk 1.4.11 released

The Asterisk development team has released version 1.4.11. This version contains numerous bug fixes. One of these is for a security issue in chan_sip. The issue is that SIP dialog history was being stored in memory regardless if the option for this was turned on or off. This could be abused to cause a system using chan_sip to run out of memory.

The security issue is documented in AST-2007-020. Affected systems include any that are using chan_sip. Also, only Asterisk 1.4 is affected. Asterisk 1.2 is not vulnerable to this issue.

0 comments:

Blog Widget by LinkWithin