Asterisk: New release 1.4.15
dicembre 8th. News December 8th. 2007, 10:55 pmAsterisk 1.4.15 and Asterisk 1.2.22 - The Asterisk development team has released two versions which solve the following two security holes:
- http://downloads.digium.com/pub/asa/AST-2007-025.pdf - SQL Injection vulnerability found in the form res_config_pgsql. The default installations of Asterisk are not affected by this vulnerability. However, systems using the Postgres Realtime Engine may be attacked remotely. Furthermore, this vulnerability only affects systems 1.4.x since the postgres module was introduced from version 1.4.x.
- http://downloads.digium.com/pub/asa/AST-2007-026.pdf - Other vulnerabilities like SQL Injection. The input for the ANI and DNIS fields are not handled properly. The default installations of Asterisk are not affected by this vulnerability. However, systems that use the Postgres CDR logging module module could be attacked remotely. This vulnerability affects versions 1.2 and 1.4 of Asterisk.
Asterisk-addons version 1.4.5-This version contains a few bug fixes since the previous release but it was necessary to ensure compatibility with the latest version of Asterisk, 1.4.15.
Zaptel zaptel 1.2.22 and 1.4.7 - both releases contain fixes for many drivers TC400B, a bug fix for the driver for card users wctdm24xxp WPM150M and numerous improvements and fixes to the Xorcom suite of drivers. Asterisk.org The development team has released Asterisk versions 1.4.15 and 1.2.25.
Links:
- Asterisk and Asterisk Addons: http://downloads.digium.com/pub/asterisk/
- Zaptel: http://downloads.digium.com/pub/zaptel/
![[Del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
Tags: Call Center Systems | VoIP PBX | Asterisk Consultant Naples | PBX | Voip | Asterisk CTI | PBX | IP Phones | Networking | Linux
Development of IVR systems, callcenter, PBX Voip.
