Summary: | net-misc/asterisk <1.2.26 Remote Unauthenticated Sessions (CVE-2007-6430) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Rajiv Aaron Manglani (RETIRED) <rajiv> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | rentorbuy, voip+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://lists.digium.com/pipermail/asterisk-announce/2007-December/000113.html | ||
Whiteboard: | C3 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 213883 | ||
Bug Blocks: |
Description
Rajiv Aaron Manglani (RETIRED)
2007-12-18 22:51:14 UTC
From: The Asterisk Development Team <asteriskteam@digium.com> To: undisclosed-recipients: ; Date: Tue, 18 Dec 2007 13:50:10 -0600 Subject: [asterisk-announce] Asterisk 1.4.16 and 1.2.26 released The Asterisk.org development team has released Asterisk versions 1.4.16 and 1.2.26. Both releases contain a fix for a security vulnerability. The 1.4.16 release also contains a number of other bug fixes made over the past few weeks. The details of the security issue have been published in a security advisory: http://downloads.digium.com/pub/security/AST-2007-027.pdf The issue affects users of the dynamic realtime configuration method for IAX2 or SIP that use host based authentication. Systems that do not use host based authentication with realtime are not affected. A full list of changes is available in the ChangeLog, which is distributed with the release and is also available on the downloads page. http://downloads.digium.com/pub/telephony/asterisk/ChangeLog-1.4.16 The releases are available for immediate download from http://downloads.digium.com/. Thank you for your support! voip please bump. How we can pitch in on this: http://bugs.gentoo.org/show_bug.cgi?id=212306 net-misc/asterisk-1.2.27 in cvs. target keywords are amd64 sparc x86. stabling on bug 213883. Two YES on bug 213883. GLSA 200804-13 |