[asterisk-dev] Asterisk 1.4.17 Released
January 2, 2008
The Asterisk.org development team has released Asterisk version 1.4.17. This
release contains a fix for a SIP security issue, as well as a number of other
bug fixes.
The security issue is documented in the published security advisory,
AST-2008-001. The vulnerability allows an attacker to cause a crash in the SIP
channel driver with a properly crafted transfer. This issue requires an
authenticated session that allows transfers to be exploited. If unauthenticated
calls with transfer capability are allowed, then this issue could be exploited
with an unauthenticated session. Also, this issue only affects Asterisk 1.4.
Asterisk 1.2 is not affected. Systems that do not use chan_sip are also not
affected.
The security advisory is available at
http://downloads.digium.com
The release is available for immediate download from
http://downloads.digium.com
Thank you for your support!
I’m sorry for commenting here, I wasn’t sure how to reach you otherwise, but you had a howto for hudlite server and Gentoo, which I got to work thanks to your post, however it now seems that the howto portion of that post has vanished. The post is still there, just the steps you took have been removed. Could you please provide? repost? they were very helpful… thank you…
Hi BJ,
I wish I could find it as well. Another user let me know last week that the content was missing – it seems as though something happened when I moved from serendipity to wordpress, over a year ago, and nobody has noticed till now. I’ve been frantically looking for the document, but I can’t find a backup of it anywhere. Sorry about this.
If i find it, I will repost it.
Matt