Asterisk: A new release 1.4.15
dicembre 8th. News December 8th. 2007, 10:55 pmAsterisk 1.4.15 and Asterisk 1.2.22 - The Asterisk development team has released two versions which solve the following two security holes:
- http://downloads.digium.com/pub/asa/AST-2007-025.pdf - SQL Injection Vulnerability res_config_pgsql contained in the module. Default installations of Asterisk are not affected by this vulnerability. However, systems that use the Postgres Realtime Engine may be attacked remotely. Furthermore, this vulnerability only affects systems 1.4.x since the postgres module was introduced in version 1.4.x.
- http://downloads.digium.com/pub/asa/AST-2007-026.pdf - Another SQL Injection vulnerabilities. The input for ANI and DNIS fields are not properly managed. Default installations of Asterisk are not affected by this vulnerability. However, systems that use the Postgres CDR logging module module could be attacked remotely. This vulnerability affects versions 1.2 and 1.4 of Asterisk.
Asterisk-addons version 1.4.5 This version contains a few bug-fixes from the previous release, but it was necessary to ensure compatibility with the latest version of Asterisk 1.4.15.
Zaptel 1.2.22 and Zaptel 1.4.7 - both releases contain fixes for several TC400B driver, a bug fix for the driver for the card users wctdm24xxp WPM150M and numerous enhancements and fixes to the Xorcom suite of drivers. The development team has released Asterisk Asterisk.org versions 1.4.15 and 1.2.25.
Links:
- Asterisk and Asterisk addons: http://downloads.digium.com/pub/asterisk/
- Zaptel: http://downloads.digium.com/pub/zaptel/
![[Del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
Tags: Call Center Systems | VoIP PBX | Asterisk Consultant Naples | PBX Phone | VoIP | Asterisk CTI | PBX | IP Phones | Networking | Linux
Development of IVR systems, call center, VoIP PBX.
