---------------------------------------------------------------------------= ----- Fedora Update Notification FEDORA-2011-14480 2011-10-18 07:13:58 ---------------------------------------------------------------------------= -----
Name : asterisk Product : Fedora 16 Version : 1.8.7.1 Release : 1.fc16 URL : http://www.asterisk.org/ Summary : The Open Source PBX Description : Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. ---------------------------------------------------------------------------= ----- Update Information: The Asterisk Development Team has announced a security release for Asterisk= 1.8. The available security release is released as version 1.8.7.1. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing whic= h can lead to a remotely exploitable crash: Remote Crash Vulnerability in SIP channel driver (AST-2011-012) The issue and resolution is described in the AST-2011-012 security advisory. For more information about the details of this vulnerability, please read t= he security advisory AST-2011-012, which was released at the same time as this announcement. For a full list of changes in the current release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8= .7.1 Security advisory AST-2011-012 is available at: http://downloads.asterisk.org/pub/security/AST-2011-012.pdf ---------------------------------------------------------------------------= ----- ChangeLog: * Mon Oct 17 2011 Jeffrey C. Ollie <[email protected]> - 1.8.7.1-1 - The Asterisk Development Team has announced a security release for Asteri= sk 1.8. - The available security release is released as version 1.8.7.1. - - This release is available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk/releases - - The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing wh= ich can - lead to a remotely exploitable crash: - - Remote Crash Vulnerability in SIP channel driver (AST-2011-012) - - The issue and resolution is described in the AST-2011-012 security - advisory. - - For more information about the details of this vulnerability, please read= the - security advisory AST-2011-012, which was released at the same time as th= is - announcement. - - For a full list of changes in the current release, please see the ChangeL= og: - - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1= .8.7.1 ---------------------------------------------------------------------------= ----- References: [ 1 ] Bug #746817 - CVE-2011-4063 asterisk: remote crash in SIP channel d= river (AST-2011-012) https://bugzilla.redhat.com/show_bug.cgi?id=3D746817 ---------------------------------------------------------------------------= ----- This update can be installed with the "yum" update program. Use = su -c 'yum update asterisk' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on t= he GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ---------------------------------------------------------------------------= ----- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
